suse · CVE-2017-7858

Quick triage

Priority: medium Published: 2021-05-30 13:55:42 UTC Updated: 2025-05-01 01:21:03 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-7858 severity moderate: SUSE including 6 source package names (freetype2, freetype2-32bit, freetype2-devel, freetype2-devel-32bit, libfreetype6, libfreetype6-32bit), 24 product×package rows across 11 product lines (SUSE Linux Enterprise Desktop 12 SP1, SUSE Linux Enterprise Server 11 SP1 for Teradata, … (11 product lines)): Known Not Affected 24.

Description:

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

cvelogic Threat Intelligence