2011-01-08 00:00:18 2021-01-26 13:41:00

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Freetype Freetype * * * * (not an official CPE)
Freetype Freetype 2.3.11 * * * (not an official CPE)
Freetype Freetype 2.3.10 * * * (not an official CPE)
Freetype Freetype 2.3.9 * * * (not an official CPE)
Freetype Freetype 2.3.8 * * * (not an official CPE)
Freetype Freetype 2.3.7 * * * (not an official CPE)
Freetype Freetype 2.3.6 * * * (not an official CPE)
Freetype Freetype 2.3.5 * * * (not an official CPE)
Freetype Freetype 2.3.4 * * * (not an official CPE)
Freetype Freetype 2.3.3 * * * (not an official CPE)
Freetype Freetype 2.3.2 * * * (not an official CPE)
Freetype Freetype 2.3.1 * * * (not an official CPE)
Freetype Freetype 2.3.0 * * * (not an official CPE)
Freetype Freetype 2.2.10 * * * (not an official CPE)
Freetype Freetype 2.2.1 * * * (not an official CPE)
Freetype Freetype 2.2.0 * * * (not an official CPE)
Freetype Freetype 2.1.10 * * * (not an official CPE)
Freetype Freetype 2.1.9 * * * (not an official CPE)
Freetype Freetype 2.1.8 Rc1 * * (not an official CPE)
Freetype Freetype 2.1.8 * * * (not an official CPE)
Freetype Freetype 2.1.7 * * * (not an official CPE)
Freetype Freetype 2.1.6 * * * (not an official CPE)
Freetype Freetype 2.1.5 * * * (not an official CPE)
Freetype Freetype 2.1.4 * * * (not an official CPE)
Freetype Freetype 2.1.3 * * * (not an official CPE)
Freetype Freetype 2.1 * * * (not an official CPE)
Freetype Freetype 2.0.9 * * * (not an official CPE)
Freetype Freetype 2.0.6 * * * (not an official CPE)
Freetype Freetype 1.3.1 * * * (not an official CPE)