Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Vector
NETWORK
Complexity
LOW
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Freetype Freetype * * * * (not an official CPE)
Freetype Freetype 2.3.5 * * * (not an official CPE)
Freetype Freetype 2.3.4 * * * (not an official CPE)
Freetype Freetype 2.3.3 * * * (not an official CPE)
Freetype Freetype 2.2.10 * * * (not an official CPE)
Freetype Freetype 2.2.1 * * * (not an official CPE)
Freetype Freetype 2.2.0 * * * (not an official CPE)
Freetype Freetype 2.1.10 * * * (not an official CPE)
Freetype Freetype 2.1.9 * * * (not an official CPE)
Freetype Freetype 2.1.8 * * * (not an official CPE)
Freetype Freetype 2.1.7 * * * (not an official CPE)
Freetype Freetype 2.1.6 * * * (not an official CPE)
Freetype Freetype 2.1.5 * * * (not an official CPE)
Freetype Freetype 2.1.4 * * * (not an official CPE)
Freetype Freetype 2.1.3 * * * (not an official CPE)
Freetype Freetype 2.1 * * * (not an official CPE)
Freetype Freetype 2.0.9 * * * (not an official CPE)
Freetype Freetype 2.0.6 * * * (not an official CPE)
Freetype Freetype 1.3.1 * * * (not an official CPE)