Heap-based Buffer Overflow in FreeType 2 Affects Multiple Versions
CVE-2016-10328

9.8CRITICAL

Key Information:

Vendor

Freetype

Status
Freetype
Vendor
CVE Published:
14 April 2017

What is CVE-2016-10328?

FreeType 2 prior to December 16, 2016, contains a vulnerability due to an out-of-bounds write stemming from a heap-based buffer overflow in the cff_parser_run function. This issue can lead to potential exploitation, compromising system integrity. Users are advised to update to patched versions to mitigate the vulnerabilities.

References

https://security.gentoo.org/glsa/201706-14
vendor-advisoryx_refsource_GENTOO
http://savannah.nongnu.org/bugs/?func=detailitem&item_id=...
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.