{"schema_version":"1.7.2","id":"OESA-2026-2896","modified":"2026-07-09T12:49:41Z","published":"2026-07-09T12:49:41Z","upstream":["CVE-2026-50593"],"summary":"graphite2 security update","details":"Graphite is a system that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors. A smart font contains not only letter shapes but also additional instructions indicating how to combine and position the letters in complex ways.\r\n\r\nSecurity Fix(es):\n\nGraphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.(CVE-2026-50593)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"graphite2","purl":"pkg:rpm/openEuler/graphite2&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.14-8.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["graphite2-1.3.14-8.oe2203sp4.aarch64.rpm","graphite2-debuginfo-1.3.14-8.oe2203sp4.aarch64.rpm","graphite2-debugsource-1.3.14-8.oe2203sp4.aarch64.rpm","graphite2-devel-1.3.14-8.oe2203sp4.aarch64.rpm"],"src":["graphite2-1.3.14-8.oe2203sp4.src.rpm"],"x86_64":["graphite2-1.3.14-8.oe2203sp4.x86_64.rpm","graphite2-debuginfo-1.3.14-8.oe2203sp4.x86_64.rpm","graphite2-debugsource-1.3.14-8.oe2203sp4.x86_64.rpm","graphite2-devel-1.3.14-8.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2896"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50593"}],"database_specific":{"severity":"High"}}
