OSV-2018-167

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2018-167

Published

2021-01-13T00:01:10.237774Z

Modified

2022-04-13T03:04:34.938180Z

Summary

Heap-buffer-overflow in cff_parser_run

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9967

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
cff_parser_run
cff_subfont_load
cff_font_load

References

Affected packages

Type: GIT
Repo: https://github.com/freetype/freetype2-testing.git
Events: Introduced

731c059129aeb228ea62d8cad40c71dcaa9530b2

Fixed

6ce9451f110fe00061b23a59da5aaa0c15325da0

Fixed

d61782ce9a88d961912ed43305374848e4d96628

{
    "severity": "HIGH",
    "introduced_range": "f926f1a2f4dbbc61fcae96da71ba65de5280b94d:4fa3193a6e42c6e65bea0698c85d5a4792e2351c"
}

{
    "fixed_range": "2ec74e56d188909f4f4117faa564a8b68d6e22bb:d61782ce9a88d961912ed43305374848e4d96628"
}