{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2023-2004", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2023-05-26T00:00:00", "dateRejected": "2023-05-26T00:00:00", "dateReserved": "2023-04-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-26T00:00:00"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2023-2004", "lastModified": "2023-11-07T04:11:40.947", "metrics": {}, "published": "2023-04-14T21:15:08.547", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHSA-2023:5734", "cpe": "cpe:/a:redhat:openjdk:11", "package": "java-11-openjdk-portable", "product_name": "Red Hat Build of OpenJDK 11.0.21", "release_date": "2023-10-18T00:00:00Z"}, {"advisory": "RHSA-2023:5745", "cpe": "cpe:/a:redhat:openjdk:17", "package": "java-17-openjdk-portable", "product_name": "Red Hat Build of OpenJDK 17.0.9", "release_date": "2023-10-18T00:00:00Z"}], "bugzilla": {"description": "freetype: integer overflowin in tt_hvadvance_adjust() in src/truetype/ttgxvar.c", "id": "2186428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186428"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "verified"}, "cwe": "CWE-190", "details": ["An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. This flaw causes an application to crash or leads to a denial of service."], "name": "CVE-2023-2004", "package_state": [{"cpe": "cpe:/a:redhat:openjdk:1.8", "fix_state": "Affected", "package_name": "java-11-openjdk-portable", "product_name": "Red Hat build of OpenJDK 1.8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "java-11-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "java-11-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "java-17-openjdk", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libreoffice:flatpak/java-11-openjdk", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-11-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2004\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2004\nhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462"], "statement": "Red Hat Product Security does not consider this to be a vulnerability.", "upstream_fix": "freetype 2.13.0"}