Control: unarchive -1
Control: tags -1 + bookworm sid

On Fri, 06 May 2022 at 15:25:00 +0100, Neil Williams wrote:
> CVE-2022-27470[0]:
> | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary
> | memory write via the function TTF_RenderText_Solid(). This
> | vulnerability is triggered via a crafted TTF file.

buster and bullseye (which happen to have an identical libsdl2-ttf version) do not appear to be vulnerable to this. The code that has the overflow seems to have been introduced in commit 31589bd "Wrapped functions, Optimized routines, Lsb/Rsb positioning, Subpixel Hinting" shortly after 2.0.15, so it isn't in buster or bullseye.

I haven't looked at stretch, which has an even older version, but I suspect the same is true there.

smcv