Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15999 | 5 Debian, Fedoraproject, Freetype and 2 more | 5 Debian Linux, Fedora, Freetype and 2 more | 2024-07-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-7857 | 1 Freetype | 1 Freetype | 2024-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | |||||
| CVE-2017-7858 | 1 Freetype | 1 Freetype | 2024-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | |||||
| CVE-2022-27406 | 2 Fedoraproject, Freetype | 2 Fedora, Freetype | 2024-02-29 | 5.0 MEDIUM | 7.5 HIGH |
| FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | |||||
| CVE-2022-27405 | 2 Fedoraproject, Freetype | 2 Fedora, Freetype | 2024-02-29 | 5.0 MEDIUM | 7.5 HIGH |
| FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | |||||
| CVE-2022-27404 | 2 Fedoraproject, Freetype | 2 Fedora, Freetype | 2024-02-29 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | |||||
| CVE-2015-9382 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. | |||||
| CVE-2015-9383 | 3 Canonical, Debian, Freetype | 3 Ubuntu Linux, Debian Linux, Freetype | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | |||||
| CVE-2015-9290 | 1 Freetype | 1 Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | |||||
| CVE-2015-9381 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | |||||
| CVE-2018-6942 | 2 Canonical, Freetype | 2 Ubuntu Linux, Freetype | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. | |||||
| CVE-2016-10328 | 2 Freetype, Oracle | 2 Freetype, Outside In Technology | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | |||||
| CVE-2017-7864 | 1 Freetype | 1 Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | |||||
| CVE-2016-10244 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2017-8287 | 1 Freetype | 1 Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | |||||
| CVE-2017-8105 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | |||||
| CVE-2014-9747 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | |||||
| CVE-2014-9745 | 4 Canonical, Debian, Freetype and 1 more | 4 Ubuntu Linux, Debian Linux, Freetype and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. | |||||
| CVE-2014-9746 | 2 Debian, Freetype | 2 Debian Linux, Freetype | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | |||||
| CVE-2014-9671 | 6 Canonical, Debian, Freetype and 3 more | 11 Ubuntu Linux, Debian Linux, Freetype and 8 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. | |||||