CVE-2016-10328: Buffer Overflow
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the `cff_parser_run` function in `cff/cffparse.c`.
Other sources
FreeType 2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds write related to the `cff_parser_run` function in `cff/cffparse.c`. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
— IBM
Frequently Asked Questions
What is the vulnerability ID for this FreeType 2 vulnerability?
The vulnerability ID for this FreeType 2 vulnerability is CVE-2016-10328.
What is the severity of CVE-2016-10328?
The severity of CVE-2016-10328 is critical with a severity value of 9.8.
What software is affected by CVE-2016-10328?
The software affected by CVE-2016-10328 includes FreeType, Oracle Outside In Technology, IBM RDNG, and IBM DOORS Next.
How is CVE-2016-10328 exploited?
CVE-2016-10328 is exploited by sending a specially crafted request to trigger a heap-based buffer overflow.
Are there any references for more information on CVE-2016-10328?
Yes, for more information on CVE-2016-10328, you can refer to the following links: [link1], [link2], [link3].