{"id":"OESA-2026-2897","summary":"graphite2 security update","details":"Graphite is a system that can be used to create “smart fonts” capable of displaying writing systems with various complex behaviors. A smart font contains not only letter shapes but also additional instructions indicating how to combine and position the letters in complex ways.\r\n\r\nSecurity Fix(es):\n\nGraphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.(CVE-2026-50593)","modified":"2026-07-09T13:00:08.647210133Z","published":"2026-07-09T12:49:43Z","upstream":["CVE-2026-50593"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2897"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50593"}],"affected":[{"package":{"name":"graphite2","ecosystem":"openEuler:24.03-LTS-SP1","purl":"pkg:rpm/openEuler/graphite2&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.14-9.oe2403sp1"}]}],"ecosystem_specific":{"x86_64":["graphite2-1.3.14-9.oe2403sp1.x86_64.rpm","graphite2-debuginfo-1.3.14-9.oe2403sp1.x86_64.rpm","graphite2-debugsource-1.3.14-9.oe2403sp1.x86_64.rpm","graphite2-devel-1.3.14-9.oe2403sp1.x86_64.rpm"],"aarch64":["graphite2-1.3.14-9.oe2403sp1.aarch64.rpm","graphite2-debuginfo-1.3.14-9.oe2403sp1.aarch64.rpm","graphite2-debugsource-1.3.14-9.oe2403sp1.aarch64.rpm","graphite2-devel-1.3.14-9.oe2403sp1.aarch64.rpm"],"src":["graphite2-1.3.14-9.oe2403sp1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2897.json"}}],"schema_version":"1.7.5"}