Lucene search

GoogleOSV:ASB-A-278221085

HistoryAug 01, 2023 - 12:00 a.m.

Heap buffer overflow in FreeType

2023-08-0100:00:00

Google

osv.dev

freetype

buffer overflow

code execution

remote access

type confusion

software

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/external/freetypeeq12
platform/external/freetypeeq12L
platform/external/freetypeeq13
platform/external/freetypeeq11

Name	Operator	Version
platform/external/freetype	eq	12
platform/external/freetype	eq	12L
platform/external/freetype	eq	13
platform/external/freetype	eq	11

References

android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6

source.android.com/security/bulletin/2023-08-01

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Related for OSV:ASB-A-278221085