Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

SDL_ttf: Arbitrary Memory Write — GLSA 202407-02

A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes.

Affected packages

Package media-libs/sdl2-ttf on all architectures
Affected versions < 2.20.0
Unaffected versions >= 2.20.0

Background

SDL_ttf is a wrapper around the FreeType and Harfbuzz libraries, allowing you to use TrueType fonts to render text in SDL applications.

Description

A vulnerability has been discovered in SDL_ttf. Please review the CVE identifier referenced below for details.

Impact

SDL_ttf was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.

Workaround

There is no known workaround at this time.

Resolution

All SDL_ttf users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/sdl2-ttf-2.20.0"

References

Release date
July 01, 2024

Latest revision
July 01, 2024: 1

Severity
normal

Exploitable
local and remote

Bugzilla entries