Description
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | freetype | Out of support scope | | |
| Red Hat Enterprise Linux 8 | freetype | Not affected | | |
| Red Hat Enterprise Linux 6 | freetype | Fixed | RHSA-2019:4254 | 17.12.2019 |
| Red Hat Enterprise Linux 7 | accountsservice | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | adwaita-icon-theme | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | appstream-data | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | atk | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | at-spi2-atk | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | at-spi2-core | Fixed | RHSA-2018:3140 | 30.10.2018 |
| Red Hat Enterprise Linux 7 | baobab | Fixed | RHSA-2018:3140 | 30.10.2018 |
Additional information
Status: Moderate
Weakness: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1752788 freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash
EPSS: 0.00711 (Low), percentile: 72%
CVSS3: 6.5 Medium
Related vulnerabilities
CVSS3: 8.8
ubuntu
more than 6 years ago
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVSS3: 8.8
nvd
more than 6 years ago
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVSS3: 8.8
debian
more than 6 years ago
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Priv ...
CVSS3: 8.8
github
more than 3 years ago
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.