Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
Freetype Freetype * * * * (not an official CPE)
Freetype Freetype 2.3.11 * * * (not an official CPE)
Freetype Freetype 2.3.10 * * * (not an official CPE)
Freetype Freetype 2.3.9 * * * (not an official CPE)
Freetype Freetype 2.3.8 * * * (not an official CPE)
Freetype Freetype 2.3.7 * * * (not an official CPE)
Freetype Freetype 2.3.6 * * * (not an official CPE)
Freetype Freetype 2.3.5 * * * (not an official CPE)
Freetype Freetype 2.3.4 * * * (not an official CPE)
Freetype Freetype 2.3.3 * * * (not an official CPE)
Freetype Freetype 2.3.2 * * * (not an official CPE)
Freetype Freetype 2.3.1 * * * (not an official CPE)
Freetype Freetype 2.3.0 * * * (not an official CPE)
Freetype Freetype 2.2.10 * * * (not an official CPE)
Freetype Freetype 2.2.1 * * * (not an official CPE)
Freetype Freetype 2.2.0 * * * (not an official CPE)
Freetype Freetype 2.1.10 * * * (not an official CPE)
Freetype Freetype 2.1.9 * * * (not an official CPE)
Freetype Freetype 2.1.8 Rc1 * * (not an official CPE)
Freetype Freetype 2.1.8 * * * (not an official CPE)
Freetype Freetype 2.1.7 * * * (not an official CPE)
Freetype Freetype 2.1.6 * * * (not an official CPE)
Freetype Freetype 2.1.5 * * * (not an official CPE)
Freetype Freetype 2.1.4 * * * (not an official CPE)
Freetype Freetype 2.1.3 * * * (not an official CPE)
Freetype Freetype 2.1 * * * (not an official CPE)
Freetype Freetype 2.0.9 * * * (not an official CPE)
Freetype Freetype 2.0.6 * * * (not an official CPE)
Freetype Freetype 1.3.1 * * * (not an official CPE)