Описание
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
Ссылки
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
The parse_charstrings function in type1/t1load.c in FreeType 2 before ...
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
Уязвимость библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2