7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.137 Low
EPSS
Percentile
95.7%
FreeType is a portable font engine.
Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).
A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code.
There is no known workaround at this time.
All FreeType users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-libs/freetype | < 2.1.10-r2 | UNKNOWN |