JVN/CVE Demo: Nvdinfos

NVD

Id: 54918
Name: CVE-2007-2754
Description: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
Reject
CVSS Version: 2
CVSS Score: 6.8
Severity: Medium
CVSS Base Score: 6.8
CVSS Impact Subscore: 6.4
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Pub Date: 2017-01-07
Published: 2007-05-17
Modified Date: 2012-10-30
Seq: 2007-2754

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
278690	54918	CVE-2007-2754	20070602-01-P	View
278691	54918	CVE-2007-2754	http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178	View
278692	54918	CVE-2007-2754	APPLE-SA-2007-11-14	View
278693	54918	CVE-2007-2754	APPLE-SA-2009-05-12	View
278694	54918	CVE-2007-2754	[ft-devel] 20070427 Bug in fuzzed TTF file	View
278695	54918	CVE-2007-2754	oval:org.mitre.oval:def:11325	View
278696	54918	CVE-2007-2754	oval:org.mitre.oval:def:5532	View
278697	54918	CVE-2007-2754	102967	View
278698	54918	CVE-2007-2754	103171	View
278699	54918	CVE-2007-2754	200033	View
278700	54918	CVE-2007-2754	http://support.apple.com/kb/HT3549	View
278701	54918	CVE-2007-2754	http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm	View
278702	54918	CVE-2007-2754	DSA-1302	View
278703	54918	CVE-2007-2754	DSA-1334	View
278704	54918	CVE-2007-2754	GLSA-200705-22	View
278705	54918	CVE-2007-2754	GLSA-200707-02	View
278706	54918	CVE-2007-2754	GLSA-200805-07	View
278707	54918	CVE-2007-2754	MDKSA-2007:121	View
278708	54918	CVE-2007-2754	SUSE-SA:2007:041	View
278709	54918	CVE-2007-2754	OpenPKG-SA-2007.018	View
278710	54918	CVE-2007-2754	RHSA-2007:0403	View
278711	54918	CVE-2007-2754	RHSA-2009:0329	View
278712	54918	CVE-2007-2754	RHSA-2009:1062	View
278713	54918	CVE-2007-2754	20070524 FLEA-2007-0020-1: freetype	View
278714	54918	CVE-2007-2754	20070613 FLEA-2007-0025-1: openoffice.org	View
278715	54918	CVE-2007-2754	24074	View
278716	54918	CVE-2007-2754	1018088	View
278717	54918	CVE-2007-2754	2007-0019	View
278718	54918	CVE-2007-2754	USN-466-1	View
278719	54918	CVE-2007-2754	TA09-133A	View
278720	54918	CVE-2007-2754	ADV-2007-1894	View
278721	54918	CVE-2007-2754	ADV-2007-2229	View
278722	54918	CVE-2007-2754	ADV-2008-0049	View
278723	54918	CVE-2007-2754	ADV-2009-1297	View
278724	54918	CVE-2007-2754	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200	View
278725	54918	CVE-2007-2754	https://bugzilla.redhat.com/show_bug.cgi?id=502565	View
278726	54918	CVE-2007-2754	https://issues.rpath.com/browse/RPL-1390	View
278727	54918	CVE-2007-2754	FEDORA-2009-5558	View
278728	54918	CVE-2007-2754	FEDORA-2009-5644	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
51774	JVNDB-2007-000437	Freetype における不正な TTF ファイル処理による整数オーバーフローの脆弱性	Freetype の truetype/ttgload.c には、マイナス値が n_points に設定されている不正な TrueTypeフォント (TTF) ファイルを処理した際に、整数オーバーフローおよびヒープオーバーフローが発生する脆弱性が存在します。	CVE-2007-2754	26109	CVE-2007-2754	54918	6.8		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000437.html	2007-04-27	2009-06-29	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.33 MB
View render complete	25.70 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.72
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	266.23
Event: Controller.beforeRender	4.58
» Processing toolbar data	4.50
Rendering View	1110.30
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1077.97
» Event: View.afterRender	0.04
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	19.74
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	6.16
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/54918
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/54918
Remote Port	43333
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.16.147.165
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.16.147.165
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.16.147.165
Unique Id	aB_fpsb-6fzsyZ8B0UmigAAAAd4
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.16.147.165
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.16.147.165
Redirect Unique Id	aB_fpsb-6fzsyZ8B0UmigAAAAd4
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.16.147.165
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.16.147.165
Redirect Redirect Unique Id	aB_fpsb-6fzsyZ8B0UmigAAAAd4
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746919334.1421
Request Time	1746919334

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files