{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T21:06:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-201706-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201706-14"}, {"tags": ["x_refsource_MISC"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"}, {"name": "DSA-3839", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3839"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "99091", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99091"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8287", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201706-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-14"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0", "refsource": "MISC", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"}, {"name": "DSA-3839", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3839"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "99091", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99091"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:34:21.686Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201706-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201706-14"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"}, {"name": "DSA-3839", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3839"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "99091", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99091"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8287", "datePublished": "2017-04-27T00:00:00", "dateReserved": "2017-04-26T00:00:00", "dateUpdated": "2024-08-05T16:34:21.686Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEEA3966-EA75-48BB-8D9C-3C834BA9CC8A", "versionEndIncluding": "2.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."}, {"lang": "es", "value": "FreeType 2 antes de 2017-03-26 tiene una escritura fuera de l\u00edmites causada por un desbordamiento de b\u00fafer basado en heap relacionado con la funci\u00f3n t1_builder_close_contour en psaux / psobjs.c."}], "id": "CVE-2017-8287", "lastModified": "2024-11-21T03:33:42.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-27T00:59:00.320", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3839"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/99091"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-14"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/99091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "freetype: heap-based buffer overflow related to the t1_builder_close_contour function", "id": "1446073", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446073"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-122", "details": ["FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c."], "name": "CVE-2017-8287", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "freetype", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux:7::hypervisor", "fix_state": "Under investigation", "package_name": "mingw-virt-viewer", "product_name": "Red Hat Enterprise Virtualization 3"}], "public_date": "2017-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-8287\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8287"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}