CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
97.7%
SecurityTracker reports:
A vulnerability was reported in FreeType. A remote user
can cause arbitrary code to be executed on the target
user’s system.
A remote user can create a specially crafted font file
that, when loaded by the target user’s system, will trigger
an integer underflow or integer overflow and crash the
application or execute arbitrary code on the target system.
Chris Evans reported these vulnerabilities.
Impact: A remote user can create a file that, when loaded
by the target user, will execute arbitrary code on the
target user’s system.