CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.036 Low
Percentile: 91.6%

Secunia reports:

Some vulnerabilities have been reported in FreeType, which can be
exploited by malicious people to potentially compromise an application
using the library.

An integer overflow error within the "cff_charset_compute_cids()"
function in cff/cffload.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.

Multiple integer overflow errors within validation functions in
sfnt/ttcmap.c can be exploited to bypass length validations and
potentially cause buffer overflows via specially crafted fonts.

An integer overflow error within the "ft_smooth_render_generic()"
function in smooth/ftsmooth.c can be exploited to potentially cause a
heap-based buffer overflow via a specially crafted font.
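
The bug class the report describes, an integer overflow that lets a length validation pass, shown as an added example next to its hardened form. This is not FreeType source code and not part of the Secunia report; every function name and value in it is hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not FreeType source. All names are hypothetical.
 * A record in a table of table_len bytes claims [offset, offset+length). */

/* Weak check: the 32-bit sum wraps for a huge length, so the range
 * appears to fit and later reads or copies run past the buffer. */
static int range_ok_weak(uint32_t offset, uint32_t length, uint32_t table_len)
{
    return (uint32_t)(offset + length) <= table_len;
}

/* Hardened check: compare length with the space left after offset. */
static int range_ok_safe(uint32_t offset, uint32_t length, uint32_t table_len)
{
    return offset <= table_len && length <= table_len - offset;
}

/* Hardened size computation for count * elem_size: returns 0 and leaves
 * *bytes untouched when the product would not fit in 32 bits. */
static int array_bytes_checked(uint32_t count, uint32_t elem_size, uint32_t *bytes)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return 0;
    *bytes = count * elem_size;
    return 1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real font. */
    const uint32_t table_len = 1024, offset = 16;
    const uint32_t lengths[] = { 100u, 0xFFFFFFF8u };
    uint32_t bytes = 0;

    for (size_t i = 0; i < 2; i++)
        printf("length=0x%08x weak=%d safe=%d\n", (unsigned)lengths[i],
               range_ok_weak(offset, lengths[i], table_len),
               range_ok_safe(offset, lengths[i], table_len));

    printf("0x40000001 * 4 accepted: %d\n",
           array_bytes_checked(0x40000001u, 4, &bytes));
    return 0;
}
```

The same subtraction-based comparison and pre-multiplication bound apply wherever a parser derives a copy or allocation size from fields read out of the file.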