Vendor: FreeType
By: Google Security Research
CVSS: 5.5 (MEDIUM)
CWE: 122 (Heap-based buffer overflow)
Product Name: FreeType
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Platforms Tested: Not provided
Heap-based out-of-bounds memory reads in FreeType
The vulnerability occurs in the handling of the 'cmap' (format 14) SFNT table in FreeType. It allows for heap-based out-of-bounds memory reads. The issue has been reproduced using the current version of freetype2 with a 64-bit build of the ftbench utility compiled with AddressSanitizer. Three proof-of-concept (POC) files triggering the conditions are attached.
Mitigation:
Update to the latest version of FreeType.