CVE-2017-7858: freetype: out-of-bounds write related to the TT_Get_MM_Var and sfnt_init_face functions

Severity: Critical

CVSS Score: 9.8

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.