// For flags

CVE-2007-2754

freetype integer overflow

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un desbordamiento de entero y desbordamiento de búfer basado en montículo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-05-17 CVE Reserved
  • 2007-05-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (62)
URL Tag Source
http://osvdb.org/36509 Vdb Entry
http://secunia.com/advisories/25350 Third Party Advisory
http://secunia.com/advisories/25353 Third Party Advisory
http://secunia.com/advisories/25386 Third Party Advisory
http://secunia.com/advisories/25463 Third Party Advisory
http://secunia.com/advisories/25483 Third Party Advisory
http://secunia.com/advisories/25609 Third Party Advisory
http://secunia.com/advisories/25612 Third Party Advisory
http://secunia.com/advisories/25654 Third Party Advisory
http://secunia.com/advisories/25705 Third Party Advisory
http://secunia.com/advisories/25808 Third Party Advisory
http://secunia.com/advisories/25894 Third Party Advisory
http://secunia.com/advisories/25905 Third Party Advisory
http://secunia.com/advisories/26129 Third Party Advisory
http://secunia.com/advisories/26305 Third Party Advisory
http://secunia.com/advisories/28298 Third Party Advisory
http://secunia.com/advisories/30161 Third Party Advisory
http://secunia.com/advisories/35074 Third Party Advisory
http://secunia.com/advisories/35200 Third Party Advisory
http://secunia.com/advisories/35204 Third Party Advisory
http://secunia.com/advisories/35233 Third Party Advisory
http://support.apple.com/kb/HT3549 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm X_refsource_confirm
http://www.securityfocus.com/archive/1/469463/100/200/threaded Mailing List
http://www.securityfocus.com/archive/1/471286/30/6180/threaded Mailing List
http://www.securityfocus.com/bid/24074 Vdb Entry
http://www.securitytracker.com/id?1018088 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/1894 Vdb Entry
http://www.vupen.com/english/advisories/2007/2229 Vdb Entry
http://www.vupen.com/english/advisories/2008/0049 Vdb Entry
http://www.vupen.com/english/advisories/2009/1297 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=502565 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1390 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532 Signature
URL Date SRC
http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html 2024-08-07
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200 2024-08-07
URL Date SRC
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178 2023-02-13
URL Date SRC
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc 2023-02-13
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html 2023-02-13
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1 2023-02-13
http://www.debian.org/security/2007/dsa-1302 2023-02-13
http://www.debian.org/security/2007/dsa-1334 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml 2023-02-13
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml 2023-02-13
http://www.mandriva.com/security/advisories?name=MDKSA-2007:121 2023-02-13
http://www.novell.com/linux/security/advisories/2007_41_freetype2.html 2023-02-13
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2007-0403.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0329.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-1062.html 2023-02-13
http://www.trustix.org/errata/2007/0019 2023-02-13
http://www.ubuntu.com/usn/usn-466-1 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html 2023-02-13
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html 2023-02-13
https://access.redhat.com/security/cve/CVE-2007-2754 2009-05-22
https://bugzilla.redhat.com/show_bug.cgi?id=240200 2009-05-22
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Freetype
Search vendor "Freetype"
 Freetype
Search vendor "Freetype" for product "Freetype"
 <= 2.3.4
Search vendor "Freetype" for product "Freetype" and version " <= 2.3.4"
-
Affected