EPSS
Percentile
73.3%
freetype is vulnerable to denial of service. A heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c allows an attacker to crash the application.
tt_cmap14_validate
sfnt/ttcmap.c
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd
lists.debian.org/debian-lts-announce/2019/09/msg00002.html
savannah.nongnu.org/bugs/?46346
usn.ubuntu.com/4126-1/
usn.ubuntu.com/4126-2/