CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile: 85.6%
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before
2.5.4 does not establish a minimum record size, which allows remote
attackers to cause a denial of service (out-of-bounds read) or possibly
have unspecified other impact via a crafted TrueType font.