CVE-2022-35456

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-35456
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35456.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-35456
Published
2022-08-16T21:15:11Z
Modified
2025-01-08T09:02:58.730044Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087.

References

Affected packages

Debian:12 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/debian/texlive-bin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2022.*

2022.20220321.62855-5.1
2022.20220321.62855-5.1+deb12u1
2022.20220321.62855-5.1+deb12u2
2022.20220321.62855-6
2022.20220321.62855-7
2022.20220321.62855-8

2023.*

2023.20230311.66589-1
2023.20230311.66589-2
2023.20230311.66589-3
2023.20230311.66589-4
2023.20230311.66589-5
2023.20230311.66589-6
2023.20230311.66589-7
2023.20230311.66589-8
2023.20230311.66589-9

2024.*

2024.20240313.70630+ds-1
2024.20240313.70630+ds-2
2024.20240313.70630+ds-3
2024.20240313.70630+ds-4
2024.20240313.70630+ds-5

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / texlive-bin

Package

Name
texlive-bin
Purl
pkg:deb/debian/texlive-bin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2022.*

2022.20220321.62855-5.1
2022.20220321.62855-6
2022.20220321.62855-7
2022.20220321.62855-8

2023.*

2023.20230311.66589-1
2023.20230311.66589-2
2023.20230311.66589-3
2023.20230311.66589-4
2023.20230311.66589-5
2023.20230311.66589-6
2023.20230311.66589-7
2023.20230311.66589-8
2023.20230311.66589-9

2024.*

2024.20240313.70630+ds-1
2024.20240313.70630+ds-2
2024.20240313.70630+ds-3
2024.20240313.70630+ds-4
2024.20240313.70630+ds-5

Ecosystem specific

{
    "urgency": "unimportant"
}