Insyde Security Advisory 2023048

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023048 Software - 7.5 08/08/2023 08/08/2023

Summary:

Upgrade FreeType Build Tool to version 2.13.0.

Vulnerability Details:

Upgrade FreeType Build Tool to version 2.13.0 which addressed following vulnerability.

CVE-2023-2004
CVSS:7.5
Description: An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.
(InsydeH2O is not affected by this vulnerability)

Solution Information:
Kernel 5.2: Version 05.28.19
Kernel 5.3: Version 05.37.19
Kernel 5.4: Version 05.45.19
Kernel 5.5: Version 05.53.19
Kernel 5.6: Version 05.60.19

Revision History:

Revision Date Description
1.0 08/08/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge