Multiple integer overflows in FreeType prior to 2.2 allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freetype freetype 2.1.9 |
||
freetype freetype 2.1.10 |
||
freetype freetype 2.1.5 |
||
freetype freetype 2.1.8 |
||
freetype freetype 2.1.3 |
||
freetype freetype 2.1.6 |
||
freetype freetype 2.0.9 |
||
freetype freetype 2.1.7 |
||
freetype freetype 2.1.4 |