OSV-2018-226

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/freetype2/OSV-2018-226.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2018-226

Published

2021-01-13T00:01:33.631607Z

Modified

2022-04-13T03:04:34.871954Z

Summary

Heap-buffer-overflow in pcf_get_encodings

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9561

Crash type: Heap-buffer-overflow READ 1
Crash state:
pcf_get_encodings
pcf_load_font
PCF_Face_Init

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9561

Affected packages

OSS-Fuzz / freetype2

Package

Name: freetype2
Purl: pkg:generic/freetype2

Affected ranges

Type: GIT
Repo: https://github.com/freetype/freetype2-testing.git
Events: Introduced

53e3af654d5491e6481747a28d425cda3f73cb12

Fixed

1f744836ee1bb7b9c0c22b32f55eec9f96160563

Ecosystem specific

{
    "severity": "MEDIUM",
    "introduced_range": "20cbff1970d10e1f7086a5ef89ada4229481bb1e:f646e9f4598f261ebcef6f989c883428987f4975",
    "fixed_range": "2e9a544016422f96f9bbedc40e269adc289c78ef:1f744836ee1bb7b9c0c22b32f55eec9f96160563"
}