sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
AV:N/AC:M/Au:N/C:P/I:P/A:P
08/02/2015
by Freetype
a year ago
by Fedoraproject
a month ago
by Debian
2 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Redhat
3 months ago
by Canonical
4 months ago
by Redhat
2 years ago
by Opensuse
3 years ago
by Redhat
7 years ago
by Redhat
7 years ago