CVE-2017-8287 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary code execution
Description	FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-258	lib32-freetype2	2.7.1-1	2.7.1-2	High	Fixed
AVG-257	freetype2	2.7.1-1	2.7.1-2	High	Fixed

Date	Advisory	Group	Package	Severity	Type
09 May 2017	ASA-201705-7	AVG-257	freetype2	High	arbitrary code execution
10 May 2017	ASA-201705-10	AVG-258	lib32-freetype2	High	arbitrary code execution

References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0