CVE-2023-2004

CVSS V2 None CVSS V3 None
Description
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
Overview
  • CVE ID
  • CVE-2023-2004
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-14T21:15:08
  • Last Modified Date
  • 2023-04-24T17:50:08
Weakness Enumerations
CWE URL
CWE-190 http://cwe.mitre.org/data/definitions/190.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* 1 OR 2.13.0
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://access.redhat.com/security/cve/CVE-2023-2004
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
https://bugzilla.redhat.com/show_bug.cgi?id=2186428
https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-2004
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2004
History
Created Old Value New Value Data Type Notes
2023-04-17 04:45:44 Added to TrackCVE
2023-04-17 04:45:47 Weakness Enumeration new
2023-04-20 08:00:52 2023-04-20T07:15:07 CVE Modified Date updated
2023-04-20 08:00:56 References updated
2023-04-20 14:01:05 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-20 20:01:38 Undergoing Analysis Awaiting Analysis Vulnerability Status updated
2023-04-21 04:01:11 2023-04-21T03:15:07 CVE Modified Date updated
2023-04-21 04:01:14 References updated
2023-04-21 05:00:56 2023-04-21T04:15:43 CVE Modified Date updated
2023-04-21 05:01:01 References updated
2023-04-21 11:00:41 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-22 04:00:43 2023-04-22T03:15:11 CVE Modified Date updated
2023-04-22 04:00:47 References updated
2023-04-24 18:01:05 2023-04-24T17:50:08 CVE Modified Date updated
2023-04-24 18:01:05 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-24 18:01:11 CPE Information updated