Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreeType ‘woff_open_font’函数缓冲区溢出漏洞
Vulnerability Description
FreeType是FreeType团队开发的一个基于C语言的、高质量的且可移植的开源字体引擎库,它可用来将字符栅格化并映射成位图以及提供其他字体相关业务的支持。 FreeType 2.5.4之前版本的sfnt/sfobjs.c文件中的‘woff_open_font’函数存在安全漏洞,该漏洞源于程序处理offset+length计算操作时没有限制‘length’值。远程攻击者可借助特制的Web Open Font Format(WOFF)文件利用该漏洞造成拒绝服务(整数溢出和基于堆的缓冲区溢出)。
CVSS Information
N/A
Vulnerability Type
N/A