2022-07-30
ALT-BU-2022-5627-1
Branch sisyphus_e2k update bulletin.
Package SDL2_ttf updated to version 2.20.0-alt1.1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2022-05-04
Modified: 2024-11-21
CVE-2022-27470
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
- https://github.com/libsdl-org/SDL_ttf/issues/187
- FEDORA-2022-600e0cba93
- FEDORA-2022-857d1f7050
- FEDORA-2022-280ac942be