Freetype
Monthly
Out-of-bounds memory read in FreeType 2.13.2 and 2.13.3 occurs during parsing of OpenType variable font tables (HVAR/VVAR/MVAR) due to an integer overflow in the tt_var_load_item_variation_store function. Local attackers with user interaction can exploit this by crafting malicious font files to trigger the vulnerability and read sensitive memory. The issue is resolved in FreeType 2.14.2.
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Out-of-bounds memory read in FreeType 2.13.2 and 2.13.3 occurs during parsing of OpenType variable font tables (HVAR/VVAR/MVAR) due to an integer overflow in the tt_var_load_item_variation_store function. Local attackers with user interaction can exploit this by crafting malicious font files to trigger the vulnerability and read sensitive memory. The issue is resolved in FreeType 2.14.2.
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.