Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Freetype | Freetype | 1.3.1 (including) | 1.3.1 (including) |
Freetype | Freetype | 2.3.3 (including) | 2.3.3 (including) |
Freetype | Freetype | 2.3.4 (including) | 2.3.4 (including) |
Freetype | Freetype | 2.3.5 (including) | 2.3.5 (including) |