Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
Max CVSS
6.8
EPSS Score
1.79%
Published
2010-08-19
Updated
2023-02-13
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
6.8
EPSS Score
2.28%
Published
2010-08-19
Updated
2021-04-06
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
Max CVSS
6.8
EPSS Score
0.35%
Published
2010-08-19
Updated
2023-02-13
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Max CVSS
6.8
EPSS Score
0.41%
Published
2010-08-19
Updated
2021-04-06
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Max CVSS
6.5
EPSS Score
1.96%
Published
2010-06-30
Updated
2023-02-13
5 vulnerabilities found