Lucene search

K
freebsdFreeBSDDE2FAB2D-0A37-11DC-AAE2-00304881AC9A
HistoryApr 27, 2007 - 12:00 a.m.

FreeType 2 -- Heap overflow vulnerability

2007-04-2700:00:00
vuxml.freebsd.org
9

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.622 Medium

EPSS

Percentile

97.8%

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and
earlier might allow remote attackers to execute arbitrary code via a
crafted TTF image with a negative n_points value, which leads to an
integer overflow and heap-based buffer overflow.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfreetype2< 2.2.1_2UNKNOWN

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.622 Medium

EPSS

Percentile

97.8%