Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/freetype@1.2-3

Type deb

Namespace debian

Name freetype

Version 1.2-3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.10.4+dfsg-1+deb11u1

Latest_non_vulnerable_version 2.10.4+dfsg-1+deb11u1

Affected_by_vulnerabilities

url VCID-1g6m-76bj-eqha

vulnerability_id VCID-1g6m-76bj-eqha

summary The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9657

reference_id

reference_type

scores

value	0.01688
scoring_system	epss
scoring_elements	0.82561
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191079
reference_id	1191079
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191079

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9657

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1g6m-76bj-eqha

url VCID-2yvb-7w2n-ybhg

vulnerability_id VCID-2yvb-7w2n-ybhg

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1131

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1131

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800589
reference_id	800589
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800589

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131
reference_id	CVE-2012-1131
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1131

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yvb-7w2n-ybhg

url VCID-31q8-w6bh-zuey

vulnerability_id VCID-31q8-w6bh-zuey

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1128

reference_id

reference_type

scores

value	0.02697
scoring_system	epss
scoring_elements	0.86154
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1128

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800584
reference_id	800584
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800584

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128
reference_id	CVE-2012-1128
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1128

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31q8-w6bh-zuey

url VCID-3r2c-py99-3bbt

vulnerability_id VCID-3r2c-py99-3bbt

summary The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10244

reference_id

reference_type

scores

value	0.00334
scoring_system	epss
scoring_elements	0.56484
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1429965
reference_id	1429965
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1429965

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971
reference_id	856971
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971

fixed_packages

url pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

purl pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2

aliases CVE-2016-10244

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2c-py99-3bbt

url VCID-6bcv-2cx6-77es

vulnerability_id VCID-6bcv-2cx6-77es

summary arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8287

reference_id

reference_type

scores

value	0.00797
scoring_system	epss
scoring_elements	0.74353
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8287

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1446073
reference_id	1446073
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1446073

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308
reference_id	861308
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308

reference_url	https://security.archlinux.org/ASA-201705-10
reference_id	ASA-201705-10
reference_type
scores
url	https://security.archlinux.org/ASA-201705-10

reference_url	https://security.archlinux.org/ASA-201705-7
reference_id	ASA-201705-7
reference_type
scores
url	https://security.archlinux.org/ASA-201705-7

reference_url

https://security.archlinux.org/AVG-257

reference_id

AVG-257

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-257

reference_url

https://security.archlinux.org/AVG-258

reference_id

AVG-258

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-258

fixed_packages

url pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

purl pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2

url pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1

purl pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8zjm-pmh1-p7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1

aliases CVE-2017-8287

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bcv-2cx6-77es

url VCID-6jeb-n9un-3qhd

vulnerability_id VCID-6jeb-n9un-3qhd

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1127

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1127

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800583
reference_id	800583
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800583

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127
reference_id	CVE-2012-1127
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1127

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jeb-n9un-3qhd

url VCID-71q4-11dy-6ua7

vulnerability_id VCID-71q4-11dy-6ua7

summary The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9663

reference_id

reference_type

scores

value	0.02497
scoring_system	epss
scoring_elements	0.85598
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191085
reference_id	1191085
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191085

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9663

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71q4-11dy-6ua7

url VCID-79xr-2yux-37ea

vulnerability_id VCID-79xr-2yux-37ea

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1130

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1130

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800587
reference_id	800587
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800587

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130
reference_id	CVE-2012-1130
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1130

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79xr-2yux-37ea

url VCID-7vjf-m96b-6uay

vulnerability_id VCID-7vjf-m96b-6uay

summary type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9661

reference_id

reference_type

scores

value	0.04005
scoring_system	epss
scoring_elements	0.88644
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191083
reference_id	1191083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9661

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjf-m96b-6uay

url VCID-86b1-gj4n-eybh

vulnerability_id VCID-86b1-gj4n-eybh

summary The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9747

reference_id

reference_type

scores

value	0.01099
scoring_system	epss
scoring_elements	0.78369
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9747

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1262373
reference_id	1262373
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1262373

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619
reference_id	798619
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9747

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86b1-gj4n-eybh

url VCID-8pge-za7q-8ugx

vulnerability_id VCID-8pge-za7q-8ugx

summary The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9745

reference_id

reference_type

scores

value	0.02852
scoring_system	epss
scoring_elements	0.86501
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1262377
reference_id	1262377
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1262377

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620
reference_id	798620
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

url pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

purl pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2

aliases CVE-2014-9745

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pge-za7q-8ugx

url VCID-8sk7-1vxp-9bgd

vulnerability_id VCID-8sk7-1vxp-9bgd

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1135

reference_id

reference_type

scores

value	0.03525
scoring_system	epss
scoring_elements	0.87862
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1135

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800593
reference_id	800593
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800593

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135
reference_id	CVE-2012-1135
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1135

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sk7-1vxp-9bgd

url VCID-8zjm-pmh1-p7a2

vulnerability_id VCID-8zjm-pmh1-p7a2

summary In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.*Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.*

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15999

reference_id

reference_type

scores

value	0.93031
scoring_system	epss
scoring_elements	0.99792
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15999

reference_url

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html

reference_url

https://crbug.com/1139963

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://crbug.com/1139963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527

100

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528

101

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529

102

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530

103

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531

104

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532

105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533

106

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534

107

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535

108

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536

109

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537

110

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538

111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539

112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540

113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541

114

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542

115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543

116

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544

117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545

118

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547

119

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548

120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549

121

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550

122

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551

123

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552

124

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553

125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554

126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555

127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556

128

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557

129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559

130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560

131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561

132

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562

133

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563

134

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564

135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565

136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566

137

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567

138

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568

139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569

140

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570

141

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571

142

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573

143

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575

144

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576

145

reference_url

http://seclists.org/fulldisclosure/2020/Nov/33

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2020/Nov/33

146

reference_url

https://github.com/cefsharp/CefSharp

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cefsharp/CefSharp

147

reference_url

https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html

148

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

149

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7

150

reference_url

https://security.gentoo.org/glsa/202011-12

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202011-12

151

reference_url

https://security.gentoo.org/glsa/202012-04

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202012-04

152

reference_url

https://security.gentoo.org/glsa/202401-19

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202401-19

153

reference_url

https://security.netapp.com/advisory/ntap-20240812-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240812-0001

154

reference_url

https://www.debian.org/security/2021/dsa-4824

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4824

155

reference_url

https://www.nuget.org/packages/CefSharp.Common

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.nuget.org/packages/CefSharp.Common

156

reference_url

https://www.nuget.org/packages/CefSharp.WinForms

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.nuget.org/packages/CefSharp.WinForms

157

reference_url

https://www.nuget.org/packages/CefSharp.Wpf

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.nuget.org/packages/CefSharp.Wpf

158

reference_url

https://www.nuget.org/packages/CefSharp.Wpf.HwndHost

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.nuget.org/packages/CefSharp.Wpf.HwndHost

159

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1890210
reference_id	1890210
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1890210

160

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586
reference_id	972586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586

161

reference_url	https://security.archlinux.org/ASA-202010-10
reference_id	ASA-202010-10
reference_type
scores
url	https://security.archlinux.org/ASA-202010-10

162

reference_url	https://security.archlinux.org/ASA-202010-11
reference_id	ASA-202010-11
reference_type
scores
url	https://security.archlinux.org/ASA-202010-11

163

reference_url	https://security.archlinux.org/ASA-202011-12
reference_id	ASA-202011-12
reference_type
scores
url	https://security.archlinux.org/ASA-202011-12

164

reference_url

https://security.archlinux.org/AVG-1254

reference_id

AVG-1254

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1254

165

reference_url

https://security.archlinux.org/AVG-1255

reference_id

AVG-1255

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1255

166

reference_url

https://security.archlinux.org/AVG-1279

reference_id

AVG-1279

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1279

167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15999

reference_id

CVE-2020-15999

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15999

168

reference_url	https://github.com/advisories/GHSA-pv36-h7jh-qm62
reference_id	GHSA-pv36-h7jh-qm62
reference_type
scores
url	https://github.com/advisories/GHSA-pv36-h7jh-qm62

169

reference_url

https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62

reference_id

GHSA-pv36-h7jh-qm62

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62

170

reference_url	https://security.gentoo.org/glsa/202010-07
reference_id	GLSA-202010-07
reference_type
scores
url	https://security.gentoo.org/glsa/202010-07

171

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50

reference_id

mfsa2020-50

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50

172

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-51

reference_id

mfsa2020-51

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-51

173

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-52

reference_id

mfsa2020-52

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2020-52

174

reference_url	https://access.redhat.com/errata/RHSA-2020:4351
reference_id	RHSA-2020:4351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4351

175

reference_url	https://access.redhat.com/errata/RHSA-2020:4907
reference_id	RHSA-2020:4907
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4907

176

reference_url	https://access.redhat.com/errata/RHSA-2020:4949
reference_id	RHSA-2020:4949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4949

177

reference_url	https://access.redhat.com/errata/RHSA-2020:4950
reference_id	RHSA-2020:4950
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4950

178

reference_url	https://access.redhat.com/errata/RHSA-2020:4951
reference_id	RHSA-2020:4951
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4951

179

reference_url	https://access.redhat.com/errata/RHSA-2020:4952
reference_id	RHSA-2020:4952
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4952

fixed_packages

url pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3

purl pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8zjm-pmh1-p7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.9.1-3%252Bdeb10u3

url	pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1
purl	pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1

aliases CVE-2020-15999, GHSA-pv36-h7jh-qm62

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zjm-pmh1-p7a2

url VCID-9ud1-v7xu-g7dy

vulnerability_id VCID-9ud1-v7xu-g7dy

summary Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9670

reference_id

reference_type

scores

value	0.03266
scoring_system	epss
scoring_elements	0.87389
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191093
reference_id	1191093
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191093

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9670

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ud1-v7xu-g7dy

url VCID-aswe-3g48-wfgm

vulnerability_id VCID-aswe-3g48-wfgm

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1138

reference_id

reference_type

scores

value	0.03525
scoring_system	epss
scoring_elements	0.87862
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1138

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800597
reference_id	800597
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138
reference_id	CVE-2012-1138
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1138

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aswe-3g48-wfgm

url VCID-axt7-mnzh-vqhp

vulnerability_id VCID-axt7-mnzh-vqhp

summary Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9672

reference_id

reference_type

scores

value	0.03153
scoring_system	epss
scoring_elements	0.87142
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191095
reference_id	1191095
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191095

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9672

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-axt7-mnzh-vqhp

url VCID-d2ph-8m1f-kfc3

vulnerability_id VCID-d2ph-8m1f-kfc3

summary The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9666

reference_id

reference_type

scores

value	0.01239
scoring_system	epss
scoring_elements	0.79573
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191089
reference_id	1191089
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191089

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9666

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ph-8m1f-kfc3

url VCID-d47r-eebb-jba6

vulnerability_id VCID-d47r-eebb-jba6

summary The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9746

reference_id

reference_type

scores

value	0.00842
scoring_system	epss
scoring_elements	0.75095
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9746

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1262373
reference_id	1262373
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1262373

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619
reference_id	798619
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9746

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d47r-eebb-jba6

url VCID-dg4p-f6uk-gkgy

vulnerability_id VCID-dg4p-f6uk-gkgy

summary Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9669

reference_id

reference_type

scores

value	0.01838
scoring_system	epss
scoring_elements	0.83295
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191092
reference_id	1191092
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191092

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9669

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dg4p-f6uk-gkgy

url VCID-e4yc-a8j8-mqfq

vulnerability_id VCID-e4yc-a8j8-mqfq

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1133

reference_id

reference_type

scores

value	0.03525
scoring_system	epss
scoring_elements	0.87862
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1133

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800591
reference_id	800591
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800591

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133
reference_id	CVE-2012-1133
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1133

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4yc-a8j8-mqfq

url VCID-epxh-ss4r-zbdn

vulnerability_id VCID-epxh-ss4r-zbdn

summary Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9671

reference_id

reference_type

scores

value	0.02062
scoring_system	epss
scoring_elements	0.84233
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191094
reference_id	1191094
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191094

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9671

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epxh-ss4r-zbdn

url VCID-fe3g-ww6q-hqa8

vulnerability_id VCID-fe3g-ww6q-hqa8

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1129

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1129

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800585
reference_id	800585
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800585

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129
reference_id	CVE-2012-1129
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1129

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fe3g-ww6q-hqa8

url VCID-g8bk-9bsd-p7bk

vulnerability_id VCID-g8bk-9bsd-p7bk

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1137

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1137

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800595
reference_id	800595
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800595

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137
reference_id	CVE-2012-1137
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1137

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8bk-9bsd-p7bk

url VCID-gwdk-xf64-kuen

vulnerability_id VCID-gwdk-xf64-kuen

summary The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9656

reference_id

reference_type

scores

value	0.02359
scoring_system	epss
scoring_elements	0.85214
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191078
reference_id	1191078
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191078

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9656

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwdk-xf64-kuen

url VCID-jqjv-gjbe-dbfg

vulnerability_id VCID-jqjv-gjbe-dbfg

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1126

reference_id

reference_type

scores

value	0.03091
scoring_system	epss
scoring_elements	0.87032
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1126

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800581
reference_id	800581
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126
reference_id	CVE-2012-1126
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1126

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jqjv-gjbe-dbfg

url VCID-kemx-zuam-uqab

vulnerability_id VCID-kemx-zuam-uqab

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1141

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1141

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800602
reference_id	800602
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800602

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141
reference_id	CVE-2012-1141
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1141

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kemx-zuam-uqab

url VCID-keyh-yygz-y7ep

vulnerability_id VCID-keyh-yygz-y7ep

summary arbitrary code execution

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8105

reference_id

reference_type

scores

value	0.00966
scoring_system	epss
scoring_elements	0.76919
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1446500
reference_id	1446500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1446500

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220
reference_id	861220
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220

reference_url	https://security.archlinux.org/ASA-201705-10
reference_id	ASA-201705-10
reference_type
scores
url	https://security.archlinux.org/ASA-201705-10

reference_url	https://security.archlinux.org/ASA-201705-7
reference_id	ASA-201705-7
reference_type
scores
url	https://security.archlinux.org/ASA-201705-7

reference_url

https://security.archlinux.org/AVG-257

reference_id

AVG-257

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-257

reference_url

https://security.archlinux.org/AVG-258

reference_id

AVG-258

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-258

fixed_packages

url pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

purl pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2

url pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1

purl pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8zjm-pmh1-p7a2

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1

aliases CVE-2017-8105

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-keyh-yygz-y7ep

url VCID-kwd7-sv6y-eyh8

vulnerability_id VCID-kwd7-sv6y-eyh8

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1136

reference_id

reference_type

scores

value	0.04956
scoring_system	epss
scoring_elements	0.89835
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1136

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800594
reference_id	800594
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800594

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136
reference_id	CVE-2012-1136
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1136

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwd7-sv6y-eyh8

url VCID-nsas-gyxj-67g2

vulnerability_id VCID-nsas-gyxj-67g2

summary The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9660

reference_id

reference_type

scores

value	0.04649
scoring_system	epss
scoring_elements	0.89483
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191082
reference_id	1191082
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191082

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9660

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsas-gyxj-67g2

url VCID-psxs-t1t2-bkba

vulnerability_id VCID-psxs-t1t2-bkba

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1132

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1132

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800590
reference_id	800590
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132
reference_id	CVE-2012-1132
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1132

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psxs-t1t2-bkba

url VCID-qpms-y8cx-dkdw

vulnerability_id VCID-qpms-y8cx-dkdw

summary The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9658

reference_id

reference_type

scores

value	0.01688
scoring_system	epss
scoring_elements	0.82561
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191080
reference_id	1191080
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191080

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9658

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpms-y8cx-dkdw

url VCID-r3y3-86vk-5fem

vulnerability_id VCID-r3y3-86vk-5fem

summary bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9675

reference_id

reference_type

scores

value	0.0141
scoring_system	epss
scoring_elements	0.80841
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9675

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191192
reference_id	1191192
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191192

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9675

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y3-86vk-5fem

url VCID-r47y-we15-pqg3

vulnerability_id VCID-r47y-we15-pqg3

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1139

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1139

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800598
reference_id	800598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139
reference_id	CVE-2012-1139
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1139

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r47y-we15-pqg3

url VCID-rqa9-mp2r-g3cn

vulnerability_id VCID-rqa9-mp2r-g3cn

summary FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9664

reference_id

reference_type

scores

value	0.01169
scoring_system	epss
scoring_elements	0.78991
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191086
reference_id	1191086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191086

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9664

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa9-mp2r-g3cn

url VCID-tadq-59q1-z7gw

vulnerability_id VCID-tadq-59q1-z7gw

summary The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9674

reference_id

reference_type

scores

value	0.04311
scoring_system	epss
scoring_elements	0.89073
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9674

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191190
reference_id	1191190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191190

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9674

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tadq-59q1-z7gw

url VCID-tvvd-q7nw-eyey

vulnerability_id VCID-tvvd-q7nw-eyey

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1140

reference_id

reference_type

scores

value	0.02967
scoring_system	epss
scoring_elements	0.86758
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1140

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800600
reference_id	800600
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800600

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140
reference_id	CVE-2012-1140
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1140

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvvd-q7nw-eyey

url VCID-uuq4-51jp-fqfj

vulnerability_id VCID-uuq4-51jp-fqfj

summary sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9667

reference_id

reference_type

scores

value	0.01771
scoring_system	epss
scoring_elements	0.82996
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191090
reference_id	1191090
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191090

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9667

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuq4-51jp-fqfj

url VCID-uyr7-9j1h-eker

vulnerability_id VCID-uyr7-9j1h-eker

summary Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9673

reference_id

reference_type

scores

value	0.02793
scoring_system	epss
scoring_elements	0.86364
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1191096
reference_id	1191096
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1191096

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
reference_id	777656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656

reference_url	https://security.gentoo.org/glsa/201503-05
reference_id	GLSA-201503-05
reference_type
scores
url	https://security.gentoo.org/glsa/201503-05

reference_url	https://access.redhat.com/errata/RHSA-2015:0696
reference_id	RHSA-2015:0696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0696

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2014-9673

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyr7-9j1h-eker

url VCID-vx31-mywv-1fhr

vulnerability_id VCID-vx31-mywv-1fhr

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1144

reference_id

reference_type

scores

value	0.03525
scoring_system	epss
scoring_elements	0.87862
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1144

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800607
reference_id	800607
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800607

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144
reference_id	CVE-2012-1144
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1144

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx31-mywv-1fhr

url VCID-xxs6-891m-t3bm

vulnerability_id VCID-xxs6-891m-t3bm

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1142

reference_id

reference_type

scores

value	0.04956
scoring_system	epss
scoring_elements	0.89835
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1142

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800604
reference_id	800604
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142
reference_id	CVE-2012-1142
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1142

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxs6-891m-t3bm

url VCID-z2q3-ejur-8uhb

vulnerability_id VCID-z2q3-ejur-8uhb

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1134

reference_id

reference_type

scores

value	0.05858
scoring_system	epss
scoring_elements	0.90723
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1134

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800592
reference_id	800592
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800592

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134
reference_id	CVE-2012-1134
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1134

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2q3-ejur-8uhb

url VCID-z66j-hvpb-9ydk

vulnerability_id VCID-z66j-hvpb-9ydk

summary

Mateusz Jurczyk of the Google Security Team used the Address
Sanitizer tool to discover a series of memory safety bugs in the FreeType
library, some of which could cause memory corruption and exploitable crashes
with certain fonts and font parsing. Firefox Mobile has been upgraded to
FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not
use Freetype for fonts and was not affected.
On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1143

reference_id

reference_type

scores

value	0.02148
scoring_system	epss
scoring_elements	0.8455
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1143

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864
reference_id	662864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=800606
reference_id	800606
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=800606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143
reference_id	CVE-2012-1143
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143

reference_url	https://security.gentoo.org/glsa/201204-04
reference_id	GLSA-201204-04
reference_type
scores
url	https://security.gentoo.org/glsa/201204-04

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_id

mfsa2012-21

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2012-21

reference_url	https://access.redhat.com/errata/RHSA-2012:0467
reference_id	RHSA-2012:0467
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0467

fixed_packages

url pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

purl pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3r2c-py99-3bbt

vulnerability	VCID-6bcv-2cx6-77es

vulnerability	VCID-8pge-za7q-8ugx

vulnerability	VCID-8zjm-pmh1-p7a2

vulnerability	VCID-keyh-yygz-y7ep

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3

aliases CVE-2012-1143

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z66j-hvpb-9ydk

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@1.2-3

Package Instance