Buffer Over-read in FreeType Affects Multiple Platforms
CVE-2015-9382

6.5 MEDIUM

Key Information:

Vendor: Freetype
Status
Vendor
CVE Published: 3 September 2019

Summary

FreeType versions prior to 2.6.1 contain a buffer over-read in the 'skip_comment' function in 'psaux/psobjs.c'. The over-read occurs because 'ps_parser_skip_PS_token' is mishandled during an 'FT_New_Memory_Face' operation, which may expose applications that use the library to exploitation.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
