Fluid Attacks Database

Description

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	texlive-bin	=2020.20200327.54578-7 \|\| =2020.20200327.54578-7+deb11u1 \|\| >=0 <2020.20200327.54578-7+deb11u2	2020.20200327.54578-7+deb11u2
debian 12	texlive-bin	=2022.20220321.62855-5.1 \|\| =2022.20220321.62855-5.1+deb12u1 \|\| >=0 <2022.20220321.62855-5.1+deb12u2	2022.20220321.62855-5.1+deb12u2
debian 13	texlive-bin	>=0 <2023.20230311.66589-9	2023.20230311.66589-9
debian 14	texlive-bin	>=0 <2023.20230311.66589-9	2023.20230311.66589-9

Aliases

1. CVE-2024-252622. NVD-2024-252623. OSV-DEBIAN-2024-252624. OSV-2024-252625. SECURITY-TRACKER-CVE-2024-25262

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.