Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-35065
CVE-2022-35065:
NixOS vulnerability analysis and mitigation
Overview
CVE-2022-35065 affects OTFCC software at commit 617837b, where a segmentation violation was discovered via /release-x64/otfccdump+0x65f724 (Debian Security). The vulnerability impacts various Debian releases including bookworm, trixie, and sid versions of the texlive-bin package.
Technical details
The vulnerability manifests as a segmentation violation in the OTFCC software, specifically triggered through the otfccdump utility at memory address 0x65f724 (Debian Security). The issue affects the texlive-bin package in multiple Debian distributions, with versions 2022.20220321.62855-5.1+deb12u2, 2024.20240313.70630+ds-5, and 2024.20240313.70630+ds-6 being vulnerable.
Impact
The vulnerability appears to be a crash in a CLI tool with no significant security impact, as noted in the Debian security tracker (Debian Security).
Mitigation and workarounds
Fixed versions have been released for some Debian distributions. Specifically, the vulnerability has been addressed in bullseye with versions 2020.20200327.54578-7+deb11u1 and 2020.20200327.54578-7+deb11u2 (Debian Security).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management