Package Instance
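Look up vulnerable packages by Package URL. Note when reading the response: in the entries shown here, every package listed under "fixed_packages" is itself marked "is_vulnerable": true (it fixes that one vulnerability but is affected by others), so the top-level "next_non_vulnerable_version" / "latest_non_vulnerable_version" fields (2.10.4+dfsg-1+deb11u1) are the values to check when choosing an upgrade target.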
GET /api/packages/4365?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4365?format=api", "purl": "pkg:deb/debian/freetype@1.0.0.1998-03-22-1", "type": "deb", "namespace": "debian", "name": "freetype", "version": "1.0.0.1998-03-22-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.4+dfsg-1+deb11u1", "latest_non_vulnerable_version": "2.10.4+dfsg-1+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69371?format=api", "vulnerability_id": "VCID-1g6m-76bj-eqha", "summary": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82561", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191079", "reference_id": "1191079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9657" ], 
"risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g6m-76bj-eqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=api", "vulnerability_id": "VCID-2yvb-7w2n-ybhg", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800589", "reference_id": "800589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131", "reference_id": "CVE-2012-1131", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1131" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yvb-7w2n-ybhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=api", "vulnerability_id": "VCID-31q8-w6bh-zuey", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. 
Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02697", "scoring_system": "epss", "scoring_elements": "0.86154", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800584", "reference_id": "800584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128", "reference_id": "CVE-2012-1128", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1128" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31q8-w6bh-zuey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69444?format=api", "vulnerability_id": "VCID-3r2c-py99-3bbt", "summary": "The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56484", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429965", "reference_id": "1429965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429965" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971", "reference_id": "856971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" } ], "aliases": [ "CVE-2016-10244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2c-py99-3bbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6573?format=api", "vulnerability_id": "VCID-6bcv-2cx6-77es", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74353", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446073", "reference_id": "1446073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446073" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308", "reference_id": "861308", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308" }, { "reference_url": "https://security.archlinux.org/ASA-201705-10", "reference_id": "ASA-201705-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-10" }, { "reference_url": "https://security.archlinux.org/ASA-201705-7", "reference_id": "ASA-201705-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-7" }, { "reference_url": "https://security.archlinux.org/AVG-257", "reference_id": "AVG-257", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", 
"scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-257" }, { "reference_url": "https://security.archlinux.org/AVG-258", "reference_id": "AVG-258", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zjm-pmh1-p7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2017-8287" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bcv-2cx6-77es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2262?format=api", "vulnerability_id": "VCID-6jeb-n9un-3qhd", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1127" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800583", "reference_id": "800583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127", "reference_id": "CVE-2012-1127", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1127" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jeb-n9un-3qhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69390?format=api", "vulnerability_id": "VCID-71q4-11dy-6ua7", "summary": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02497", "scoring_system": "epss", "scoring_elements": "0.85598", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191085", "reference_id": "1191085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191085" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9663" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71q4-11dy-6ua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=api", "vulnerability_id": "VCID-79xr-2yux-37ea", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1130" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800587", "reference_id": "800587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130", "reference_id": "CVE-2012-1130", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1130" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79xr-2yux-37ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69384?format=api", "vulnerability_id": "VCID-7vjf-m96b-6uay", "summary": "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04005", "scoring_system": "epss", "scoring_elements": "0.88644", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": 
"", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191083", "reference_id": "1191083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191083" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": 
"VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9661" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjf-m96b-6uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69433?format=api", "vulnerability_id": "VCID-86b1-gj4n-eybh", "summary": "The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78369", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373", "reference_id": "1262373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619", "reference_id": "798619", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9747" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86b1-gj4n-eybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69429?format=api", "vulnerability_id": "VCID-8pge-za7q-8ugx", "summary": "The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02852", "scoring_system": 
"epss", "scoring_elements": "0.86501", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262377", "reference_id": "1262377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620", "reference_id": "798620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" 
}, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" } ], "aliases": [ "CVE-2014-9745" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pge-za7q-8ugx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=api", "vulnerability_id": "VCID-8sk7-1vxp-9bgd", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800593", "reference_id": "800593", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=800593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135", "reference_id": "CVE-2012-1135", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1135" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sk7-1vxp-9bgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1201?format=api", "vulnerability_id": "VCID-8zjm-pmh1-p7a2", "summary": "In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash. *Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only 
triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.*", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93031", "scoring_system": "epss", "scoring_elements": "0.99792", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15999" }, { "reference_url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" }, { "reference_url": "https://crbug.com/1139963", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crbug.com/1139963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Nov/33", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2020/Nov/33" }, { "reference_url": "https://github.com/cefsharp/CefSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cefsharp/CefSharp" }, { "reference_url": "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7" }, { "reference_url": "https://security.gentoo.org/glsa/202011-12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202011-12" }, { "reference_url": "https://security.gentoo.org/glsa/202012-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202012-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202401-19" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240812-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240812-0001" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4824" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Common", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Common" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.WinForms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.WinForms" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Wpf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Wpf" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890210", "reference_id": "1890210", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890210" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586", "reference_id": "972586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586" }, { "reference_url": "https://security.archlinux.org/ASA-202010-10", "reference_id": "ASA-202010-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-10" }, { "reference_url": "https://security.archlinux.org/ASA-202010-11", "reference_id": "ASA-202010-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-11" }, { "reference_url": "https://security.archlinux.org/ASA-202011-12", "reference_id": "ASA-202011-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-12" }, { "reference_url": "https://security.archlinux.org/AVG-1254", "reference_id": "AVG-1254", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1254" }, { "reference_url": "https://security.archlinux.org/AVG-1255", "reference_id": "AVG-1255", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1255" }, { "reference_url": "https://security.archlinux.org/AVG-1279", "reference_id": "AVG-1279", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1279" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-15999", "reference_id": "CVE-2020-15999", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15999" }, { "reference_url": "https://github.com/advisories/GHSA-pv36-h7jh-qm62", "reference_id": "GHSA-pv36-h7jh-qm62", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pv36-h7jh-qm62" }, { "reference_url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62", "reference_id": "GHSA-pv36-h7jh-qm62", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62" }, { "reference_url": "https://security.gentoo.org/glsa/202010-07", "reference_id": "GLSA-202010-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-07" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-50", "reference_id": "mfsa2020-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-50" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51", "reference_id": "mfsa2020-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52", "reference_id": "mfsa2020-52", "reference_type": 
"", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4351", "reference_id": "RHSA-2020:4351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4907", "reference_id": "RHSA-2020:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4949", "reference_id": "RHSA-2020:4949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4950", "reference_id": "RHSA-2020:4950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4951", "reference_id": "RHSA-2020:4951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4952", "reference_id": "RHSA-2020:4952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4952" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5534?format=api", "purl": "pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zjm-pmh1-p7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.9.1-3%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6119?format=api", "purl": "pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2020-15999", "GHSA-pv36-h7jh-qm62" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zjm-pmh1-p7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69409?format=api", "vulnerability_id": "VCID-9ud1-v7xu-g7dy", "summary": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03266", "scoring_system": "epss", "scoring_elements": "0.87389", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191093", "reference_id": "1191093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191093" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9670" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ud1-v7xu-g7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=api", "vulnerability_id": "VCID-aswe-3g48-wfgm", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1138" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800597", "reference_id": "800597", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138", "reference_id": "CVE-2012-1138", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138" }, { 
"reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1138" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aswe-3g48-wfgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69415?format=api", "vulnerability_id": "VCID-axt7-mnzh-vqhp", "summary": "Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9672", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191095", "reference_id": "1191095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191095" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9672" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axt7-mnzh-vqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69398?format=api", "vulnerability_id": "VCID-d2ph-8m1f-kfc3", "summary": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79573", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191089", "reference_id": "1191089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191089" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9666" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ph-8m1f-kfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69430?format=api", "vulnerability_id": "VCID-d47r-eebb-jba6", "summary": "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75095", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373", "reference_id": "1262373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619", "reference_id": "798619", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9746" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d47r-eebb-jba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69406?format=api", "vulnerability_id": "VCID-dg4p-f6uk-gkgy", "summary": "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9669", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.01838", "scoring_system": "epss", "scoring_elements": "0.83295", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191092", "reference_id": "1191092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191092" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9669" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg4p-f6uk-gkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=api", "vulnerability_id": "VCID-e4yc-a8j8-mqfq", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591", "reference_id": "800591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133", "reference_id": "CVE-2012-1133", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1133" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4yc-a8j8-mqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69412?format=api", "vulnerability_id": "VCID-epxh-ss4r-zbdn", "summary": "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02062", "scoring_system": "epss", "scoring_elements": "0.84233", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191094", "reference_id": "1191094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9671" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epxh-ss4r-zbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=api", "vulnerability_id": "VCID-fe3g-ww6q-hqa8", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1129" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800585", "reference_id": "800585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800585" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129", "reference_id": "CVE-2012-1129", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1129" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fe3g-ww6q-hqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=api", "vulnerability_id": "VCID-g8bk-9bsd-p7bk", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. 
Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1137" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800595", "reference_id": "800595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137", "reference_id": "CVE-2012-1137", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", 
"reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1137" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8bk-9bsd-p7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69367?format=api", "vulnerability_id": "VCID-gwdk-xf64-kuen", "summary": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.85214", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191078", "reference_id": "1191078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191078" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": 
"VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9656" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwdk-xf64-kuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2261?format=api", "vulnerability_id": "VCID-jqjv-gjbe-dbfg", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03091", "scoring_system": "epss", "scoring_elements": "0.87032", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1126" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800581", "reference_id": "800581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126", "reference_id": "CVE-2012-1126", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1126" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqjv-gjbe-dbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=api", "vulnerability_id": "VCID-kemx-zuam-uqab", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800602", "reference_id": "800602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141", "reference_id": "CVE-2012-1141", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1141" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kemx-zuam-uqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6574?format=api", "vulnerability_id": "VCID-keyh-yygz-y7ep", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00966", "scoring_system": "epss", "scoring_elements": "0.76919", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446500", "reference_id": "1446500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446500" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220", "reference_id": "861220", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220" }, { "reference_url": "https://security.archlinux.org/ASA-201705-10", "reference_id": "ASA-201705-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-10" }, { "reference_url": "https://security.archlinux.org/ASA-201705-7", "reference_id": "ASA-201705-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-7" }, { "reference_url": "https://security.archlinux.org/AVG-257", "reference_id": "AVG-257", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-257" }, { "reference_url": "https://security.archlinux.org/AVG-258", "reference_id": "AVG-258", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-258" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8zjm-pmh1-p7a2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2017-8105" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-keyh-yygz-y7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=api", "vulnerability_id": "VCID-kwd7-sv6y-eyh8", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89835", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1136" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800594", "reference_id": "800594", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136", "reference_id": "CVE-2012-1136", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1136" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwd7-sv6y-eyh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69381?format=api", "vulnerability_id": "VCID-nsas-gyxj-67g2", "summary": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89483", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191082", "reference_id": "1191082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191082" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": 
"VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9660" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsas-gyxj-67g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=api", "vulnerability_id": "VCID-psxs-t1t2-bkba", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800590", "reference_id": "800590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132", "reference_id": "CVE-2012-1132", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1132" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psxs-t1t2-bkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69374?format=api", "vulnerability_id": "VCID-qpms-y8cx-dkdw", "summary": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82561", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": 
"", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191080", "reference_id": "1191080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191080" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": 
"VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9658" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpms-y8cx-dkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69425?format=api", "vulnerability_id": "VCID-r3y3-86vk-5fem", "summary": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0141", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191192", "reference_id": "1191192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191192" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9675" ], 
"risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y3-86vk-5fem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=api", "vulnerability_id": "VCID-r47y-we15-pqg3", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800598", "reference_id": "800598", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139", "reference_id": "CVE-2012-1139", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1139" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r47y-we15-pqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69393?format=api", "vulnerability_id": "VCID-rqa9-mp2r-g3cn", "summary": "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01169", "scoring_system": "epss", "scoring_elements": "0.78991", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191086", "reference_id": "1191086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191086" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9664" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa9-mp2r-g3cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69422?format=api", "vulnerability_id": "VCID-tadq-59q1-z7gw", "summary": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04311", "scoring_system": "epss", "scoring_elements": "0.89073", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191190", "reference_id": "1191190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191190" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9674" ], "risk_score": null, 
"exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tadq-59q1-z7gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=api", "vulnerability_id": "VCID-tvvd-q7nw-eyey", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1140" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800600", "reference_id": "800600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140", "reference_id": "CVE-2012-1140", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1140" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvvd-q7nw-eyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69401?format=api", "vulnerability_id": "VCID-uuq4-51jp-fqfj", "summary": "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01771", "scoring_system": "epss", "scoring_elements": "0.82996", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191090", "reference_id": "1191090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191090" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9667" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuq4-51jp-fqfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69418?format=api", "vulnerability_id": "VCID-uyr7-9j1h-eker", "summary": "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02793", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191096", "reference_id": "1191096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191096" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2014-9673" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyr7-9j1h-eker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=api", "vulnerability_id": "VCID-vx31-mywv-1fhr", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800607", "reference_id": "800607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144", "reference_id": "CVE-2012-1144", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1144" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx31-mywv-1fhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=api", "vulnerability_id": "VCID-xxs6-891m-t3bm", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89835", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800604", "reference_id": "800604", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142", "reference_id": "CVE-2012-1142", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1142" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxs6-891m-t3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=api", "vulnerability_id": "VCID-z2q3-ejur-8uhb", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05858", "scoring_system": "epss", "scoring_elements": "0.90723", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800592", "reference_id": "800592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800592" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134", "reference_id": "CVE-2012-1134", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": 
[ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1134" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2q3-ejur-8uhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=api", "vulnerability_id": "VCID-z66j-hvpb-9ydk", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. 
Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.8455", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1143" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800606", "reference_id": "800606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143", "reference_id": "CVE-2012-1143", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" } ], "fixed_packages": [ 
{ "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-keyh-yygz-y7ep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1143" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z66j-hvpb-9ydk" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@1.0.0.1998-03-22-1" }