Freetype : Security Vulnerabilities, CVEs, Published In 2016
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.
Max CVSS
7.5
EPSS Score
1.69%
Published
2016-06-07
Updated
2016-06-08
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.
Max CVSS
9.8
EPSS Score
2.55%
Published
2016-06-07
Updated
2018-07-19
2 vulnerabilities found