CVE-2024-25262: Buffer Overflow

Q: What is the severity of CVE-2024-25262?

CVE-2024-25262 has been classified with a severity level that could allow attackers to cause a Denial of Service (DoS).

Q: How do I fix CVE-2024-25262?

To fix CVE-2024-25262, update texlive-bin to any of the patched versions: 2019.20190605.51237-3ubuntu0.2, 2021.20210626.59705-1ubuntu0.2, 2023.20230311.66589-6ubuntu0.1, or 2023.20230311.66589-9.

Q: What causes CVE-2024-25262?

CVE-2024-25262 is caused by a heap buffer overflow in the function ttfLoadHDMX:ttfdump while processing a crafted TTF file.

Q: Which versions of texlive-bin are affected by CVE-2024-25262?

CVE-2024-25262 affects versions of texlive-bin prior to the specific patched releases listed in the fix.

Q: Can CVE-2024-25262 lead to data breaches?

While CVE-2024-25262 primarily enables Denial of Service attacks, it does not directly lead to data breaches.

Published Feb 20, 2024

Updated

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.

Affected Software

5 affected componentsFixes available

debian/texlive-bin<=2018.20181218.49446-1, <=2018.20181218.49446-1+deb10u2, <=2020.20200327.54578-7+deb11u1, <=2022.20220321.62855-5.1+deb12u1

2023.20230311.66589-9

ubuntu/texlive-bin<2019.20190605.51237-3ubuntu0.2

2019.20190605.51237-3ubuntu0.2

ubuntu/texlive-bin<2021.20210626.59705-1ubuntu0.2

2021.20210626.59705-1ubuntu0.2

ubuntu/texlive-bin<2023.20230311.66589-6ubuntu0.1

2023.20230311.66589-6ubuntu0.1

ubuntu/texlive-bin<2023.20230311.66589-9

2023.20230311.66589-9

Remediation

Patch Available

https://github.com/TeX-Live/texlive-source/pull/63

Event History

Feb 20, 2024

CVE Published

via MITRE·12:00 AM

Data Sourced

via MITRE·12:00 AM

Description

Feb 29, 2024

Data Sourced

via NVD·01:44 AM

Description

Data Sourced

via NVD·01:44 AM

SeverityWeakness

Mar 14, 2024

Data Sourced

via Launchpad·02:00 PM

Description

Parent advisories

This vulnerability appears in the following advisories.

USN-6695-1

Frequently Asked Questions

What is the severity of CVE-2024-25262?

CVE-2024-25262 has been classified with a severity level that could allow attackers to cause a Denial of Service (DoS).

How do I fix CVE-2024-25262?

To fix CVE-2024-25262, update texlive-bin to any of the patched versions: 2019.20190605.51237-3ubuntu0.2, 2021.20210626.59705-1ubuntu0.2, 2023.20230311.66589-6ubuntu0.1, or 2023.20230311.66589-9.

What causes CVE-2024-25262?

CVE-2024-25262 is caused by a heap buffer overflow in the function ttfLoadHDMX:ttfdump while processing a crafted TTF file.

Which versions of texlive-bin are affected by CVE-2024-25262?

CVE-2024-25262 affects versions of texlive-bin prior to the specific patched releases listed in the fix.

Can CVE-2024-25262 lead to data breaches?

While CVE-2024-25262 primarily enables Denial of Service attacks, it does not directly lead to data breaches.

CVE-2024-25262: Buffer Overflow

Affected Software

Remediation

Patch Available

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2024-25262?

How do I fix CVE-2024-25262?

What causes CVE-2024-25262?

Which versions of texlive-bin are affected by CVE-2024-25262?

Can CVE-2024-25262 lead to data breaches?

Company

Resources

Contact