CVE-2016-10328

NameCVE-2016-10328
DescriptionFreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freetype (PTS)bullseye2.10.4+dfsg-1+deb11u1fixed
bookworm2.12.1+dfsg-5+deb12u3fixed
sid, trixie2.13.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freetypesource(unstable)(not affected)

Notes

- freetype <not-affected> (Only affected head for about a day, see bug #860303)
Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289

Search for package or bug name: Reporting problems