An integer signedness flaw, leading to a heap-based buffer overflow, was found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | freetype | 2015-04-01 13:56 | ALAS-2015-502 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |