CVE-2017-7864
Summary
| CVE | CVE-2017-7864 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-04-14 04:59:00 UTC |
| Updated | 2021-01-26 12:33:00 UTC |
| Description | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| freetype/freetype2.git - The FreeType 2 library | MISC | git.savannah.gnu.org | Patch, Third Party Advisory |
| FreeType: Multiple vulnerabilities (GLSA 201706-14) — Gentoo Security | GENTOO | security.gentoo.org | |
| 509 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail | MISC | bugs.chromium.org | Third Party Advisory, VDB Entry |
| FreeType 2 CVE-2017-7864 Out of Bounds Write Heap Buffer Overflow Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Oracle Critical Patch Update Advisory - April 2020 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710396 Gentoo Linux FreeType Multiple Vulnerabilities (GLSA 201706-14)