CVE-2024-25262

Published: 29 February 2024

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.

Priority

Status

Package	Release	Status
texlive-bin Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Released (2019.20190605.51237-3ubuntu0.2)
	jammy	Released (2021.20210626.59705-1ubuntu0.2)
	mantic	Released (2023.20230311.66589-6ubuntu0.1)
	trusty	Ignored (end of standard support)
	upstream	Released (2023.20230311.66589-9)
	xenial	Needs triage
	Patches: upstream: https://github.com/TeX-Live/texlive-source/pull/63

References

https://ubuntu.com/security/notices/USN-6695-1
https://www.cve.org/CVERecord?id=CVE-2024-25262
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›