Heap-Based Buffer Overflow in FreeType 2 Affects Multiple Products
CVE-2017-7864

9.8CRITICAL

Key Information:

Vendor
Freetype
Status
Freetype
Vendor
CVE Published:
14 April 2017

Summary

FreeType 2 prior to February 2, 2017, is susceptible to an out-of-bounds write due to a heap-based buffer overflow, specifically linked to the tt_size_reset function in truetype/ttobjs.c. This vulnerability could potentially allow an attacker to execute arbitrary code, leading to further compromise of the system. It is crucial for users to update to the latest version to safeguard their systems against exploitation.

References

http://www.securityfocus.com/bid/97673
vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201706-14
vendor-advisoryx_refsource_GENTOO
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/c...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.