2186428 – (CVE-2023-2004) CVE-2023-2004 freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Bug 2186428 (CVE-2023-2004) - CVE-2023-2004 freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c

Summary: CVE-2023-2004 freetype: integer overflowin in tt_hvadvance_adjust() in src/tr...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-2004
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2186430 2186432 2186434 2186435 2186436 2187208 2187209 2187211 2187212 2186431 2186433 2186437 2187207 2187210 2187213 2187214
Blocks:	2143405
TreeView+	depends on / blocked

Reported:	2023-04-13 09:27 UTC by TEJ RATHI
Modified:	2023-06-01 07:05 UTC (History)
CC List:	36 users (show)
Fixed In Version:	freetype 2.13.0
Doc Type:	If docs needed, set a value
Doc Text:	An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. This flaw causes an application to crash or leads to a denial of service.
Clone Of:
Environment:
Last Closed:	2023-05-23 03:24:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-04-13 09:27:23 UTC

Freetype: Integer overflow in src/truetype/ttgxvar.c (tt_hvadvance_adjust): 

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611

Comment 1 TEJ RATHI 2023-04-13 09:33:30 UTC

Created chromium tracking bugs for this issue:

Affects: epel-all [bug 2186431]
Affects: fedora-all [bug 2186433]


Created freetype tracking bugs for this issue:

Affects: fedora-all [bug 2186430]


Created java-11-openjdk tracking bugs for this issue:

Affects: fedora-all [bug 2186434]


Created java-17-openjdk tracking bugs for this issue:

Affects: fedora-all [bug 2186435]


Created java-latest-openjdk tracking bugs for this issue:

Affects: epel-all [bug 2186432]
Affects: fedora-all [bug 2186436]


Created mingw-freetype tracking bugs for this issue:

Affects: fedora-all [bug 2186437]

Comment 2 Product Security DevOps Team 2023-04-13 14:06:16 UTC

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

Note You need to log in before you can comment on or make changes to this bug.

ahughes
aoconnor
apodtele
bdettelb
caswilli
chazlett
crarobin
dffrench
dfitzmau
dfreiber
dkuc
fjansen
gzaronik
hbraun
hkataria
jburrell
jdowland
jmadigan
jsherril
jvanek
kaycoth
kshier
micjohns
mkasik
neugens
ngough
pamccart
pjindal
rgodfrey
rh-spice-bugs
rogbas
sraghupu
sthirugn
tkasparek
tmeszaro
vkumar