Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-5670
HistoryDec 31, 2012 - 12:00 a.m.

CVE-2012-5670

2012-12-3100:00:00
ubuntu.com
ubuntu.com
8

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.5%

The _bdf_parse_glyphs function in FreeType before 2.4.11 allows
context-dependent attackers to cause a denial of service (out-of-bounds
write and crash) via vectors related to BDF fonts and an ENCODING field
with a negative value.

Bugs

Notes

Author Note
mdeslaur introduced by http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/bdf/bdflib.c?id=03242f58c4bf7226276d8e4e7cb106045319e517 so only in 2.4.9+
OSVersionArchitecturePackageVersionFilename
ubuntu12.10noarchfreetype< 2.4.10-0ubuntu1.1UNKNOWN

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.5%