Search for vulnerabilities
Vulnerability details: VCID-j8rx-2gzp-aaaq
Vulnerability ID VCID-j8rx-2gzp-aaaq
Aliases CVE-2007-2754
Summary Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0403
rhas Important https://access.redhat.com/errata/RHSA-2009:0329
rhas Important https://access.redhat.com/errata/RHSA-2009:1062
epss 0.46358 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.4744 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.62245 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.90144 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.90144 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.90144 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
epss 0.90144 https://api.first.org/data/v1/epss?cve=CVE-2007-2754
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=240200
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-2754
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178
http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html
http://osvdb.org/36509
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2754.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2754
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200
https://bugzilla.redhat.com/show_bug.cgi?id=502565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
http://secunia.com/advisories/25350
http://secunia.com/advisories/25353
http://secunia.com/advisories/25386
http://secunia.com/advisories/25463
http://secunia.com/advisories/25483
http://secunia.com/advisories/25609
http://secunia.com/advisories/25612
http://secunia.com/advisories/25654
http://secunia.com/advisories/25705
http://secunia.com/advisories/25808
http://secunia.com/advisories/25894
http://secunia.com/advisories/25905
http://secunia.com/advisories/26129
http://secunia.com/advisories/26305
http://secunia.com/advisories/28298
http://secunia.com/advisories/30161
http://secunia.com/advisories/35074
http://secunia.com/advisories/35200
http://secunia.com/advisories/35204
http://secunia.com/advisories/35233
https://issues.rpath.com/browse/RPL-1390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1
http://support.apple.com/kb/HT3549
http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
http://www.debian.org/security/2007/dsa-1302
http://www.debian.org/security/2007/dsa-1334
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:121
http://www.novell.com/linux/security/advisories/2007_41_freetype2.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html
http://www.redhat.com/support/errata/RHSA-2007-0403.html
http://www.redhat.com/support/errata/RHSA-2009-0329.html
http://www.redhat.com/support/errata/RHSA-2009-1062.html
http://www.securityfocus.com/archive/1/469463/100/200/threaded
http://www.securityfocus.com/archive/1/471286/30/6180/threaded
http://www.securityfocus.com/bid/24074
http://www.securitytracker.com/id?1018088
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-466-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2007/1894
http://www.vupen.com/english/advisories/2007/2229
http://www.vupen.com/english/advisories/2008/0049
http://www.vupen.com/english/advisories/2009/1297
240200 https://bugzilla.redhat.com/show_bug.cgi?id=240200
425625 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425625
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
CVE-2007-2754 https://nvd.nist.gov/vuln/detail/CVE-2007-2754
GLSA-200705-22 https://security.gentoo.org/glsa/200705-22
GLSA-200707-02 https://security.gentoo.org/glsa/200707-02
GLSA-201006-01 https://security.gentoo.org/glsa/201006-01
RHSA-2007:0403 https://access.redhat.com/errata/RHSA-2007:0403
RHSA-2009:0329 https://access.redhat.com/errata/RHSA-2009:0329
RHSA-2009:1062 https://access.redhat.com/errata/RHSA-2009:1062
USN-466-1 https://usn.ubuntu.com/466-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2754
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.9653
EPSS Score 0.46358
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.