CVE-2022-33047Out-of-bounds Write in Project Otfcc

CWE-787Out-of-bounds Write4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 35.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Otfcc Project OtfccDebian Texlive-bin
Timeline
PublishedJul 6
Latest updateJul 7

Description

OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9wwr-74pw-r9j7: OTFCC v02022-07-07
OSV
CVE-2022-33047: OTFCC v02022-07-06

📋Vendor Advisories

1
Debian
CVE-2022-33047: texlive-bin - OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via ot...2022