Vulnerability Description
The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freetype | Freetype | <= 2.3.3 |
References
- http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetyp
- http://savannah.nongnu.org/bugs/index.php?19536
- http://secunia.com/advisories/25884 (Vendor Advisory)
- http://www.securityfocus.com/bid/24708
- https://sourceforge.net/project/shownotes.php?group_id=3157&release_id=499970 (Patch)
FAQ
What is CVE-2007-3506?
CVE-2007-3506 is a vulnerability with a CVSS score of 7.5 (HIGH). The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors...
How severe is CVE-2007-3506?
CVE-2007-3506 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3506?
Check the references section above for vendor advisories and patch information. Affected products include: Freetype Freetype.