GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.
References:
https://ftp.gnu.org/gnu/indent/
https://savannah.gnu.org/bugs/index.php?64503
Created indent tracking bugs for this issue:
Affects: epel-all [bug 2231920]
Affects: fedora-all [bug 2231919]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-40305
I posted a fix to the upstream bug report.