1.05

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

pcf2bdf-project

CWE-787

NVD

Published: 2022-02-17

Updated: 2022-02-25

Summary

A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact.

Vulnerable Configurations

Part	Description	Count
Application	Pcf2Bdf_Project Pcf2Bdf Project Pcf2Bdf 1.04 Pcf2Bdf Project Pcf2Bdf 1.05	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/ganaware/pcf2bdf
https://github.com/ganaware/pcf2bdf/issues/4