Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL
Freetype Freetype * * * * (not an official CPE)
Freetype Freetype 2.3.11 * * * (not an official CPE)
Freetype Freetype 2.3.10 * * * (not an official CPE)
Freetype Freetype 2.3.9 * * * (not an official CPE)
Freetype Freetype 2.3.8 * * * (not an official CPE)
Freetype Freetype 2.3.7 * * * (not an official CPE)
Freetype Freetype 2.3.6 * * * (not an official CPE)
Freetype Freetype 2.3.5 * * * (not an official CPE)
Freetype Freetype 2.3.4 * * * (not an official CPE)
Freetype Freetype 2.3.3 * * * (not an official CPE)
Freetype Freetype 2.3.2 * * * (not an official CPE)
Freetype Freetype 2.3.1 * * * (not an official CPE)
Freetype Freetype 2.3.0 * * * (not an official CPE)
Freetype Freetype 2.2.10 * * * (not an official CPE)
Freetype Freetype 2.2.1 * * * (not an official CPE)
Freetype Freetype 2.2.0 * * * (not an official CPE)
Freetype Freetype 2.1.10 * * * (not an official CPE)
Freetype Freetype 2.1.9 * * * (not an official CPE)
Freetype Freetype 2.1.8 * * * (not an official CPE)
Freetype Freetype 2.1.7 * * * (not an official CPE)
Freetype Freetype 2.1.6 * * * (not an official CPE)
Freetype Freetype 2.1.5 * * * (not an official CPE)
Freetype Freetype 2.1.4 * * * (not an official CPE)
Freetype Freetype 2.1.3 * * * (not an official CPE)
Freetype Freetype 2.1 * * * (not an official CPE)
Freetype Freetype 2.0.9 * * * (not an official CPE)
Freetype Freetype 2.0.6 * * * (not an official CPE)
Freetype Freetype 1.3.1 * * * (not an official CPE)