Advisories » MGASA-2023-0182

Updated freetype2 packages fix security vulnerability

Publication date: 21 May 2023
Modification date: 21 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-2004

Description

An integer overflow vulnerability was discovered in Freetype in
tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. (CVE-2023-2004)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31887
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/
• https://ubuntu.com/security/notices/USN-6062-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2004

SRPMS

8/core

• freetype2-2.10.4-2.3.mga8

8/tainted

• freetype2-2.10.4-2.3.mga8.tainted