1.05

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pcf2bdf-project

CWE-787

NVD

Published: 2022-02-17

Updated: 2022-02-25

Summary

A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact.

Vulnerable Configurations

Part	Description	Count
Application	Pcf2Bdf_Project Pcf2Bdf Project Pcf2Bdf 1.04 Pcf2Bdf Project Pcf2Bdf 1.05	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/ganaware/pcf2bdf
https://github.com/ganaware/pcf2bdf/issues/4