Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2007-2754

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

  • Published: May 18, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-2754
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
freetype / freetype - 2.3.4.x