CVE-2021-28030

HIGH

font (>=0.0.8 <=0.0.10), opentype (=0.11.0) potentially affected by CVE-2021-28030 via truetype (=0.9.1)

Details

CVSS v3: 7.5
CVSS v2: 5.0
NVD published: 2021-03-05 09:15:13
EPSS: 0.3% probability · 51.8th percentile — 2026-04-05
Affected versions: cpe:2.3:a:truetype_project:truetype:*:*:*:*:*:rust:*:*
Summary: An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.