MEDIUM6.8
Уязвимость библиотеки FreeType, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
ALT-PU-2017-2211-1Package update libfreetype in branch p8
Severity:
Closed issues (9)
HIGH7.5
Уязвимость функции t1_decoder_parse_charstrings библиотеки FreeType, позволяющая нарушителю выполнить запись данных за границами буфера
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
HIGH7.8
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/97405
- http://www.securitytracker.com/id/1038090
- http://www.securitytracker.com/id/1038201
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
- https://security.gentoo.org/glsa/201706-14
- https://source.android.com/security/bulletin/2017-04-01
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/97405
- http://www.securitytracker.com/id/1038090
- http://www.securitytracker.com/id/1038201
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
- https://security.gentoo.org/glsa/201706-14
- https://source.android.com/security/bulletin/2017-04-01
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
- http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
- http://www.securityfocus.com/bid/97677
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
- http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
- http://www.securityfocus.com/bid/97677
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
- http://www.securityfocus.com/bid/97680
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
- http://www.securityfocus.com/bid/97680
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
- http://www.securityfocus.com/bid/97682
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
- http://www.securityfocus.com/bid/97682
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
- http://www.securityfocus.com/bid/97673
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
- http://www.securityfocus.com/bid/97673
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
CRITICAL9.8
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/99093
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/99093
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
CRITICAL9.8
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/99091
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
- http://www.debian.org/security/2017/dsa-3839
- http://www.securityfocus.com/bid/99091
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
- https://security.gentoo.org/glsa/201706-14
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html