FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.05336
Percentile: 0.89617

CVSS Scoring

Affected Products

• cpe:2.3:a:freetype:freetype:1.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*

← Back to Home