OSV-2018-100

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2018-100

Published

2021-01-13T00:00:43.817225Z

Modified

2022-04-13T03:04:34.877739Z

Summary

Heap-buffer-overflow in cff_parser_run

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10869

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
cff_parser_run
cff_subfont_load
cff_font_load

References

Affected packages

Type: GIT
Repo: https://github.com/freetype/freetype2-testing.git
Events: Introduced

0c256f6e16eb73be1aef98197755e0e6bb4c56a9

Fixed

7e045f03edb2a34b731c999c586a03a914502d88

{
    "severity": "HIGH",
    "fixed_range": "08b711d0182229d7e0a1e52cecf73660cb95addb:7e045f03edb2a34b731c999c586a03a914502d88"
}