7 matches found
OTFCC code issue vulnerability
OTFCC is an open source C library and set of utilities from Caryll, used to parse and write OpenType font files. OTFCC version 0.10.4 contains a code issue vulnerability that stems from a lack of proper validation of user-supplied data at /x86_64-linux-gnu/libc.so.6+0xbb384, which can be exploit...
Input validation
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384...
CVE-2022-35469
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384...
CVE-2022-35469
OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384...
CVE-2021-46503
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS)...
CVE-2021-46522
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53...
CVE-2021-46503
CVE-2021-46503 affects Jsish v3.5.0 and is described as a heap-use-after-free vulnerability that can cause a Denial of Service (DoS). The issue is reported in the context of Jsish’s C implementation; no exploit details or attack vectors are provided in the linked documents. Connected sources cons...