CVE-2024-25262 — Heap-based Buffer Overflow in Texlive-bin

CWE-122 — Heap-based Buffer Overflow8 documents5 sources
Severity
8.1HIGHNVD
OSV9.8OSV7.8
EPSS
0.1%
top 65.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Debian Texlive-bin
Timeline
PublishedFeb 29
Latest updateJan 29

Description

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

â–¶debiandebian/texlive-bin< texlive-bin 2022.20220321.62855-5.1+deb12u2 (bookworm)

🔴Vulnerability Details

4
OSV
texlive-bin vulnerabilities↗2026-01-29
â–¶
OSV
texlive-bin vulnerabilities↗2024-03-14
â–¶
OSV
CVE-2024-25262: texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump↗2024-02-29
â–¶
GHSA
GHSA-79qr-9mf7-fr3g: texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump↗2024-02-29
â–¶

📋Vendor Advisories

3
Ubuntu
TeX Live vulnerabilities↗2026-01-29
â–¶
Ubuntu
TeX Live vulnerabilities↗2024-03-14
â–¶
Debian
CVE-2024-25262: texlive-bin - texlive-bin commit c515e was discovered to contain heap buffer overflow via the ...↗2024
â–¶
CVE-2024-25262 — Heap-based Buffer Overflow | cvebase