CVE-2017-7858
Summary
| CVE | CVE-2017-7858 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-14 04:59:00 UTC |
| Updated | 2021-01-26 12:33:00 UTC |
| Description | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 738 - freetype2: Crash in TT_Get_MM_Var - oss-fuzz - Monorail | MISC | bugs.chromium.org | Third Party Advisory, VDB Entry |
| FreeType: Multiple vulnerabilities (GLSA 201706-14) — Gentoo Security | GENTOO | security.gentoo.org | |
| freetype/freetype2.git - The FreeType 2 library | MISC | git.savannah.gnu.org | Patch, Third Party Advisory |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| FreeType 2 CVE-2017-7858 Multiple Out Of Bounds Write Denial of Service Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710396 Gentoo Linux FreeType Multiple Vulnerabilities (GLSA 201706-14)