[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80130

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-8287

Date: (C)2017-05-02   (M)2017-12-07 


FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
DSA-3839
GLSA-201706-14
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941

CPE    1
cpe:/a:freetype:freetype2:2.7.1
CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:112339
oval:org.secpod.oval:def:112334
oval:org.secpod.oval:def:602864
oval:org.secpod.oval:def:703614
...

© 2013 SecPod Technologies