Home CVE Database CVE-2016-10244

CVE-2016-10244

Description

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

Priority: MEDIUM
CVSS v3: 7.8
Publish Date: Mar 6, 2017
Related ID: --
CVSS v2: High
Modified Date: Mar 7, 2017

Find out more about CVE-2016-10244 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- Wind River VxWorks Security Alert CVE-2016-10244 for FreeType 2
Linux 7 CGP Not Vulnerable -- -- Wind River VxWorks Security Alert CVE-2016-10244 for FreeType 2

Comments

freetype

Live chat
Online