Описание
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
A flaw was found in FreeType. In certain versions, specially crafted input may trigger an integer overflow condition. This issue can cause an application crash, leading to a denial of service.
Отчет
No Red Hat products ship an affected version of FreeType.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of OpenJDK 11 | java-11-openjdk-portable | Not affected | ||
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Not affected | ||
| Red Hat build of OpenJDK 21 | java-21-openjdk-portable-rhel7 | Not affected | ||
| Red Hat Enterprise Linux 10 | freetype | Not affected | ||
| Red Hat Enterprise Linux 10 | java-21-openjdk | Not affected | ||
| Red Hat Enterprise Linux 6 | freetype | Not affected | ||
| Red Hat Enterprise Linux 7 | freetype | Not affected | ||
| Red Hat Enterprise Linux 8 | freetype | Not affected | ||
| Red Hat Enterprise Linux 8 | java-17-openjdk | Not affected | ||
| Red Hat Enterprise Linux 8 | java-21-openjdk | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2336955freetype: signed integer overflow in cf2_doFlex
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 4
ubuntu
около 1 года назад
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
CVSS3: 4
nvd
около 1 года назад
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
CVSS3: 4
debian
около 1 года назад
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2i ...
CVSS3: 4
github
около 1 года назад
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
5.5 Medium
CVSS3