1.05

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pcf2bdf-project

CWE-1284

NVD

Published: 2022-02-17

Updated: 2023-08-08

Summary

A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components.

Vulnerable Configurations

Part	Description	Count
Application	Pcf2Bdf_Project Pcf2Bdf Project Pcf2Bdf 1.04 Pcf2Bdf Project Pcf2Bdf 1.05	2

Common Weakness Enumeration (CWE)

CWE-1284 - Improper Validation of Specified Quantity in Input

References

https://github.com/ganaware/pcf2bdf
https://github.com/ganaware/pcf2bdf/issues/5