Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4370?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4370?format=api", "purl": "pkg:deb/debian/freetype@2.2.1-5", "type": "deb", "namespace": "debian", "name": "freetype", "version": "2.2.1-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.12.1+dfsg-5+deb12u4", "latest_non_vulnerable_version": "2.12.1+dfsg-5+deb12u4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69371?format=api", "vulnerability_id": "VCID-1g6m-76bj-eqha", "summary": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82561", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82588", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191079", "reference_id": "1191079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9657" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1g6m-76bj-eqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69462?format=api", "vulnerability_id": "VCID-1w63-ynmk-eya3", "summary": "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27405.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27405.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27405", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25899", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25891", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183", "reference_id": "1010183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077991", "reference_id": "2077991", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077991" }, { "reference_url": "https://security.gentoo.org/glsa/202402-06", "reference_id": "GLSA-202402-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7745", "reference_id": "RHSA-2022:7745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8340", "reference_id": "RHSA-2022:8340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0420", "reference_id": "RHSA-2024:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0420" }, { "reference_url": "https://usn.ubuntu.com/5528-1/", "reference_id": "USN-5528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5528-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6119?format=api", "purl": "pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8z-2smh-fueq" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-27405" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1w63-ynmk-eya3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69377?format=api", "vulnerability_id": "VCID-2nqu-79u6-kkez", "summary": "cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9659.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02849", "scoring_system": "epss", "scoring_elements": "0.86495", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02849", "scoring_system": "epss", "scoring_elements": "0.86517", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02849", "scoring_system": "epss", "scoring_elements": "0.86518", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191081", "reference_id": "1191081", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191081" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9659" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2nqu-79u6-kkez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69271?format=api", "vulnerability_id": "VCID-2qjp-4spz-mqcd", "summary": "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2497.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02089", "scoring_system": "epss", "scoring_elements": "0.84333", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02089", "scoring_system": "epss", "scoring_elements": "0.84356", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02089", "scoring_system": "epss", "scoring_elements": "0.84359", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613154", "reference_id": "613154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613154" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2497" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjp-4spz-mqcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69273?format=api", "vulnerability_id": "VCID-2rzg-6jj1-8yad", "summary": "The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2498.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2498.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86056", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86059", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613160", "reference_id": "613160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613160" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2498" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rzg-6jj1-8yad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=api", "vulnerability_id": "VCID-2yvb-7w2n-ybhg", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800589", "reference_id": "800589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800589" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131", "reference_id": "CVE-2012-1131", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1131" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yvb-7w2n-ybhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=api", "vulnerability_id": "VCID-31q8-w6bh-zuey", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02697", "scoring_system": "epss", "scoring_elements": "0.86154", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02697", "scoring_system": "epss", "scoring_elements": "0.86175", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02697", "scoring_system": "epss", "scoring_elements": "0.86177", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800584", "reference_id": "800584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128", "reference_id": "CVE-2012-1128", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1128" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31q8-w6bh-zuey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69444?format=api", "vulnerability_id": "VCID-3r2c-py99-3bbt", "summary": "The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56484", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56538", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56544", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429965", "reference_id": "1429965", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429965" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971", "reference_id": "856971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971" }, { "reference_url": "https://security.gentoo.org/glsa/201706-14", "reference_id": "GLSA-201706-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-14" }, { "reference_url": "https://usn.ubuntu.com/3237-1/", "reference_id": "USN-3237-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3237-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2016-10244" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2c-py99-3bbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69440?format=api", "vulnerability_id": "VCID-3sfc-a2u5-nkgt", "summary": "FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.74367", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.74399", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00798", "scoring_system": "epss", "scoring_elements": "0.74404", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763609", "reference_id": "1763609", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763609" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4254", "reference_id": "RHSA-2019:4254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4254" }, { "reference_url": "https://usn.ubuntu.com/4126-2/", "reference_id": "USN-4126-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4126-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2015-9382" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sfc-a2u5-nkgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69303?format=api", "vulnerability_id": "VCID-3w4f-9qjv-cbe8", "summary": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3311.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3311.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3311", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05264", "scoring_system": "epss", "scoring_elements": "0.9016", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05264", "scoring_system": "epss", "scoring_elements": "0.90176", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05264", "scoring_system": "epss", "scoring_elements": "0.90175", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3311" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=623625", "reference_id": "623625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623625" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0736", "reference_id": "RHSA-2010:0736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0737", "reference_id": "RHSA-2010:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0864", "reference_id": "RHSA-2010:0864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0864" }, { "reference_url": "https://usn.ubuntu.com/1013-1/", "reference_id": "USN-1013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-3311" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3w4f-9qjv-cbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69460?format=api", "vulnerability_id": "VCID-4yvt-rk2z-2bb9", "summary": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31098", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183", "reference_id": "1010183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077989", "reference_id": "2077989", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077989" }, { "reference_url": "https://security.gentoo.org/glsa/202402-06", "reference_id": "GLSA-202402-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7745", "reference_id": "RHSA-2022:7745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8340", "reference_id": "RHSA-2022:8340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0420", "reference_id": "RHSA-2024:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0420" }, { "reference_url": "https://usn.ubuntu.com/5528-1/", "reference_id": "USN-5528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5528-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6119?format=api", "purl": "pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8z-2smh-fueq" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-27404" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvt-rk2z-2bb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69404?format=api", "vulnerability_id": "VCID-5y1m-7fhn-cbbr", "summary": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9668.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84881", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84903", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02246", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191091", "reference_id": "1191091", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191091" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9668" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5y1m-7fhn-cbbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6573?format=api", "vulnerability_id": "VCID-6bcv-2cx6-77es", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74391", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74353", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00797", "scoring_system": "epss", "scoring_elements": "0.74386", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8287" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446073", "reference_id": "1446073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446073" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308", "reference_id": "861308", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308" }, { "reference_url": "https://security.archlinux.org/ASA-201705-10", "reference_id": "ASA-201705-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-10" }, { "reference_url": "https://security.archlinux.org/ASA-201705-7", "reference_id": "ASA-201705-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-7" }, { "reference_url": "https://security.archlinux.org/AVG-257", "reference_id": "AVG-257", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-257" }, { "reference_url": "https://security.archlinux.org/AVG-258", "reference_id": "AVG-258", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-258" }, { "reference_url": "https://security.gentoo.org/glsa/201706-14", "reference_id": "GLSA-201706-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-14" }, { "reference_url": "https://usn.ubuntu.com/3282-1/", "reference_id": "USN-3282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3282-1/" }, { "reference_url": "https://usn.ubuntu.com/3282-2/", "reference_id": "USN-3282-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3282-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2017-8287" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6bcv-2cx6-77es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2262?format=api", "vulnerability_id": "VCID-6jeb-n9un-3qhd", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1127" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800583", "reference_id": "800583", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800583" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127", "reference_id": "CVE-2012-1127", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1127" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jeb-n9un-3qhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69390?format=api", "vulnerability_id": "VCID-71q4-11dy-6ua7", "summary": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02497", "scoring_system": "epss", "scoring_elements": "0.85598", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02497", "scoring_system": "epss", "scoring_elements": "0.8562", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02497", "scoring_system": "epss", "scoring_elements": "0.85625", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191085", "reference_id": "1191085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191085" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9663" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-71q4-11dy-6ua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69356?format=api", "vulnerability_id": "VCID-75xz-zpmu-1ugk", "summary": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5669.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01687", "scoring_system": "epss", "scoring_elements": "0.82557", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01687", "scoring_system": "epss", "scoring_elements": "0.82585", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01687", "scoring_system": "epss", "scoring_elements": "0.82584", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691", "reference_id": "696691", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=890088", "reference_id": "890088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890088" }, { "reference_url": "https://security.gentoo.org/glsa/201402-16", "reference_id": "GLSA-201402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201402-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0216", "reference_id": "RHSA-2013:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0216" }, { "reference_url": "https://usn.ubuntu.com/1686-1/", "reference_id": "USN-1686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1686-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-5669" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75xz-zpmu-1ugk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=api", "vulnerability_id": "VCID-79xr-2yux-37ea", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1130" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800587", "reference_id": "800587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130", "reference_id": "CVE-2012-1130", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1130" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-79xr-2yux-37ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69384?format=api", "vulnerability_id": "VCID-7vjf-m96b-6uay", "summary": "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04005", "scoring_system": "epss", "scoring_elements": "0.88644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04005", "scoring_system": "epss", "scoring_elements": "0.88661", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04005", "scoring_system": "epss", "scoring_elements": "0.88663", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191083", "reference_id": "1191083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191083" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9661" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjf-m96b-6uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69433?format=api", "vulnerability_id": "VCID-86b1-gj4n-eybh", "summary": "The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78395", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01099", "scoring_system": "epss", "scoring_elements": "0.78404", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373", "reference_id": "1262373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619", "reference_id": "798619", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2014-9747" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86b1-gj4n-eybh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69287?format=api", "vulnerability_id": "VCID-8jxb-mwxb-bubc", "summary": "Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2541.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88044", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88064", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88067", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=617342", "reference_id": "617342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=617342" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0577", "reference_id": "RHSA-2010:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2541" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8jxb-mwxb-bubc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69301?format=api", "vulnerability_id": "VCID-8n2a-uwre-rkf1", "summary": "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3054.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03893", "scoring_system": "epss", "scoring_elements": "0.88473", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03893", "scoring_system": "epss", "scoring_elements": "0.88491", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03893", "scoring_system": "epss", "scoring_elements": "0.88493", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3054" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=625632", "reference_id": "625632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625632" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0736", "reference_id": "RHSA-2010:0736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0737", "reference_id": "RHSA-2010:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0737" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-3054" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n2a-uwre-rkf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69429?format=api", "vulnerability_id": "VCID-8pge-za7q-8ugx", "summary": "The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02852", "scoring_system": "epss", "scoring_elements": "0.86501", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02852", "scoring_system": "epss", "scoring_elements": "0.86524", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262377", "reference_id": "1262377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620", "reference_id": "798620", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620" }, { "reference_url": "https://usn.ubuntu.com/2739-1/", "reference_id": "USN-2739-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2739-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2014-9745" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8pge-za7q-8ugx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=api", "vulnerability_id": "VCID-8sk7-1vxp-9bgd", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87883", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87885", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1135" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800593", "reference_id": "800593", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135", "reference_id": "CVE-2012-1135", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1135" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8sk7-1vxp-9bgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69362?format=api", "vulnerability_id": "VCID-8xh3-svmf-tkc4", "summary": "Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2240.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2240.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2240", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02382", "scoring_system": "epss", "scoring_elements": "0.85283", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02382", "scoring_system": "epss", "scoring_elements": "0.85307", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02382", "scoring_system": "epss", "scoring_elements": "0.85313", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2240" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074646", "reference_id": "1074646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299", "reference_id": "741299", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299" }, { "reference_url": "https://security.gentoo.org/glsa/201408-02", "reference_id": "GLSA-201408-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-02" }, { "reference_url": "https://usn.ubuntu.com/2148-1/", "reference_id": "USN-2148-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2148-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-2240" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8xh3-svmf-tkc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1201?format=api", "vulnerability_id": "VCID-8zjm-pmh1-p7a2", "summary": "In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.*Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.*", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93031", "scoring_system": "epss", "scoring_elements": "0.99792", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15999" }, { "reference_url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html" }, { "reference_url": "https://crbug.com/1139963", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://crbug.com/1139963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576" }, { "reference_url": "http://seclists.org/fulldisclosure/2020/Nov/33", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "http://seclists.org/fulldisclosure/2020/Nov/33" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/cefsharp/CefSharp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cefsharp/CefSharp" }, { "reference_url": "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7" }, { "reference_url": "https://security.gentoo.org/glsa/202011-12", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://security.gentoo.org/glsa/202011-12" }, { "reference_url": "https://security.gentoo.org/glsa/202012-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://security.gentoo.org/glsa/202012-04" }, { "reference_url": "https://security.gentoo.org/glsa/202401-19", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://security.gentoo.org/glsa/202401-19" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240812-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240812-0001" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4824", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4824" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Common", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Common" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.WinForms", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.WinForms" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Wpf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Wpf" }, { "reference_url": "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.nuget.org/packages/CefSharp.Wpf.HwndHost" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890210", "reference_id": "1890210", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890210" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586", "reference_id": "972586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586" }, { "reference_url": "https://security.archlinux.org/ASA-202010-10", "reference_id": "ASA-202010-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-10" }, { "reference_url": "https://security.archlinux.org/ASA-202010-11", "reference_id": "ASA-202010-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-11" }, { "reference_url": "https://security.archlinux.org/ASA-202011-12", "reference_id": "ASA-202011-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-12" }, { "reference_url": "https://security.archlinux.org/AVG-1254", "reference_id": "AVG-1254", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1254" }, { "reference_url": "https://security.archlinux.org/AVG-1255", "reference_id": "AVG-1255", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1255" }, { "reference_url": "https://security.archlinux.org/AVG-1279", "reference_id": "AVG-1279", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1279" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15999", "reference_id": "CVE-2020-15999", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15999" }, { "reference_url": "https://github.com/advisories/GHSA-pv36-h7jh-qm62", "reference_id": "GHSA-pv36-h7jh-qm62", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pv36-h7jh-qm62" }, { "reference_url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62", "reference_id": "GHSA-pv36-h7jh-qm62", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62" }, { "reference_url": "https://security.gentoo.org/glsa/202010-07", "reference_id": "GLSA-202010-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-07" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/", "reference_id": "J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T14:58:48Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-50", "reference_id": "mfsa2020-50", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-50" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51", "reference_id": "mfsa2020-51", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-51" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52", "reference_id": "mfsa2020-52", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-52" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4351", "reference_id": "RHSA-2020:4351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4907", "reference_id": "RHSA-2020:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4949", "reference_id": "RHSA-2020:4949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4950", "reference_id": "RHSA-2020:4950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4951", "reference_id": "RHSA-2020:4951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4952", "reference_id": "RHSA-2020:4952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4952" }, { "reference_url": "https://usn.ubuntu.com/4593-1/", "reference_id": "USN-4593-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4593-1/" }, { "reference_url": "https://usn.ubuntu.com/4593-2/", "reference_id": "USN-4593-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4593-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5534?format=api", "purl": "pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.9.1-3%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6119?format=api", "purl": "pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8z-2smh-fueq" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2020-15999", "GHSA-pv36-h7jh-qm62" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zjm-pmh1-p7a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69352?format=api", "vulnerability_id": "VCID-993u-8fyr-kqdy", "summary": "FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5668.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02815", "scoring_system": "epss", "scoring_elements": "0.86412", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02815", "scoring_system": "epss", "scoring_elements": "0.86435", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02815", "scoring_system": "epss", "scoring_elements": "0.86436", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691", "reference_id": "696691", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=890087", "reference_id": "890087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890087" }, { "reference_url": "https://security.gentoo.org/glsa/201402-16", "reference_id": "GLSA-201402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201402-16" }, { "reference_url": "https://usn.ubuntu.com/1686-1/", "reference_id": "USN-1686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1686-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-5668" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-993u-8fyr-kqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69251?format=api", "vulnerability_id": "VCID-9d7b-xu7h-wffk", "summary": "Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1351.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07768", "scoring_system": "epss", "scoring_elements": "0.92099", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07768", "scoring_system": "epss", "scoring_elements": "0.92112", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07768", "scoring_system": "epss", "scoring_elements": "0.92109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=235265", "reference_id": "235265", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235265" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426771", "reference_id": "426771", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426771" }, { "reference_url": "https://security.gentoo.org/glsa/200705-02", "reference_id": "GLSA-200705-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200705-02" }, { "reference_url": "https://security.gentoo.org/glsa/200705-10", "reference_id": "GLSA-200705-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200705-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0125", "reference_id": "RHSA-2007:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0126", "reference_id": "RHSA-2007:0126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0132", "reference_id": "RHSA-2007:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0150", "reference_id": "RHSA-2007:0150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0150" }, { "reference_url": "https://usn.ubuntu.com/448-1/", "reference_id": "USN-448-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/448-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2007-1351" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9d7b-xu7h-wffk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69253?format=api", "vulnerability_id": "VCID-9gvj-784g-3ybs", "summary": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2754.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2754.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41922", "scoring_system": "epss", "scoring_elements": "0.97502", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.41922", "scoring_system": "epss", "scoring_elements": "0.97508", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.41922", "scoring_system": "epss", "scoring_elements": "0.97509", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2754" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=240200", "reference_id": "240200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240200" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425625", "reference_id": "425625", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425625" }, { "reference_url": "https://security.gentoo.org/glsa/200705-22", "reference_id": "GLSA-200705-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200705-22" }, { "reference_url": "https://security.gentoo.org/glsa/200707-02", "reference_id": "GLSA-200707-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-02" }, { "reference_url": "https://security.gentoo.org/glsa/201006-01", "reference_id": "GLSA-201006-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0403", "reference_id": "RHSA-2007:0403", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0403" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0329", "reference_id": "RHSA-2009:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1062", "reference_id": "RHSA-2009:1062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1062" }, { "reference_url": "https://usn.ubuntu.com/466-1/", "reference_id": "USN-466-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/466-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2007-2754" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gvj-784g-3ybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69264?format=api", "vulnerability_id": "VCID-9tw2-uv12-e3ge", "summary": "Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1808.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1808.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0261", "scoring_system": "epss", "scoring_elements": "0.85918", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0261", "scoring_system": "epss", "scoring_elements": "0.8594", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0261", "scoring_system": "epss", "scoring_elements": "0.85943", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450774", "reference_id": "450774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450774" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841", "reference_id": "485841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841" }, { "reference_url": "https://security.gentoo.org/glsa/200806-10", "reference_id": "GLSA-200806-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200806-10" }, { "reference_url": "https://security.gentoo.org/glsa/201209-25", "reference_id": "GLSA-201209-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0556", "reference_id": "RHSA-2008:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0558", "reference_id": "RHSA-2008:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0558" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0329", "reference_id": "RHSA-2009:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0329" }, { "reference_url": "https://usn.ubuntu.com/643-1/", "reference_id": "USN-643-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/643-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2008-1808" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tw2-uv12-e3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69409?format=api", "vulnerability_id": "VCID-9ud1-v7xu-g7dy", "summary": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03266", "scoring_system": "epss", "scoring_elements": "0.87389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03266", "scoring_system": "epss", "scoring_elements": "0.87411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03266", "scoring_system": "epss", "scoring_elements": "0.87409", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191093", "reference_id": "1191093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191093" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9670" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ud1-v7xu-g7dy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69435?format=api", "vulnerability_id": "VCID-a4yj-9xf1-bybu", "summary": "In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9290.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9290.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.65978", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0049", "scoring_system": "epss", "scoring_elements": "0.6599", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9290" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741802", "reference_id": "1741802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2015-9290" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4yj-9xf1-bybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=api", "vulnerability_id": "VCID-aswe-3g48-wfgm", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87883", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87885", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1138" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800597", "reference_id": "800597", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138", "reference_id": "CVE-2012-1138", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1138" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aswe-3g48-wfgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69415?format=api", "vulnerability_id": "VCID-axt7-mnzh-vqhp", "summary": "Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87164", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03153", "scoring_system": "epss", "scoring_elements": "0.87162", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191095", "reference_id": "1191095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191095" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9672" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axt7-mnzh-vqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69318?format=api", "vulnerability_id": "VCID-b8wk-n575-afd5", "summary": "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3439.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3439.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3439", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08298", "scoring_system": "epss", "scoring_elements": "0.924", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08298", "scoring_system": "epss", "scoring_elements": "0.92413", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08298", "scoring_system": "epss", "scoring_elements": "0.92409", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3439" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649122", "reference_id": "649122", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649122" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=753799", "reference_id": "753799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753799" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1455", "reference_id": "RHSA-2011:1455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0094", "reference_id": "RHSA-2012:0094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0094" }, { "reference_url": "https://usn.ubuntu.com/1267-1/", "reference_id": "USN-1267-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1267-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2011-3439" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8wk-n575-afd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69387?format=api", "vulnerability_id": "VCID-bnz5-ugr3-7qch", "summary": "cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9662.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88535", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03932", "scoring_system": "epss", "scoring_elements": "0.88555", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191084", "reference_id": "1191084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191084" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9662" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bnz5-ugr3-7qch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69465?format=api", "vulnerability_id": "VCID-c5e7-yx9x-hygd", "summary": "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27406.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27406.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35636", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183", "reference_id": "1010183", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077985", "reference_id": "2077985", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077985" }, { "reference_url": "https://security.gentoo.org/glsa/202402-06", "reference_id": "GLSA-202402-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7745", "reference_id": "RHSA-2022:7745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8340", "reference_id": "RHSA-2022:8340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0420", "reference_id": "RHSA-2024:0420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0420" }, { "reference_url": "https://usn.ubuntu.com/5453-1/", "reference_id": "USN-5453-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5453-1/" }, { "reference_url": "https://usn.ubuntu.com/5528-1/", "reference_id": "USN-5528-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5528-1/" }, { "reference_url": "https://usn.ubuntu.com/7352-2/", "reference_id": "USN-7352-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7352-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6119?format=api", "purl": "pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fb8z-2smh-fueq" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-27406" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5e7-yx9x-hygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69285?format=api", "vulnerability_id": "VCID-c9zr-gqub-mydn", "summary": "Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2527.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85122", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85147", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02329", "scoring_system": "epss", "scoring_elements": "0.85152", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2527" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=614557", "reference_id": "614557", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=614557" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0577", "reference_id": "RHSA-2010:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2527" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9zr-gqub-mydn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69266?format=api", "vulnerability_id": "VCID-cg7m-wj97-8bbm", "summary": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0946.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16376", "scoring_system": "epss", "scoring_elements": "0.94984", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16376", "scoring_system": "epss", "scoring_elements": "0.94992", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.16376", "scoring_system": "epss", "scoring_elements": "0.94993", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0946" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0946" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384", "reference_id": "491384", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491384" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524925", "reference_id": "524925", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524925" }, { "reference_url": "https://security.gentoo.org/glsa/200905-05", "reference_id": "GLSA-200905-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200905-05" }, { "reference_url": "https://security.gentoo.org/glsa/201412-08", "reference_id": "GLSA-201412-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0329", "reference_id": "RHSA-2009:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1061", "reference_id": "RHSA-2009:1061", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1061" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1062", "reference_id": "RHSA-2009:1062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1062" }, { "reference_url": "https://usn.ubuntu.com/767-1/", "reference_id": "USN-767-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/767-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2009-0946" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cg7m-wj97-8bbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69261?format=api", "vulnerability_id": "VCID-cxuq-g7g3-1qfs", "summary": "FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid \"number of axes\" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1807.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05908", "scoring_system": "epss", "scoring_elements": "0.90772", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05908", "scoring_system": "epss", "scoring_elements": "0.90786", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450773", "reference_id": "450773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450773" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841", "reference_id": "485841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841" }, { "reference_url": "https://security.gentoo.org/glsa/200806-10", "reference_id": "GLSA-200806-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200806-10" }, { "reference_url": "https://security.gentoo.org/glsa/201209-25", "reference_id": "GLSA-201209-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0556", "reference_id": "RHSA-2008:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0558", "reference_id": "RHSA-2008:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0558" }, { "reference_url": "https://usn.ubuntu.com/643-1/", "reference_id": "USN-643-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/643-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2008-1807" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxuq-g7g3-1qfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69398?format=api", "vulnerability_id": "VCID-d2ph-8m1f-kfc3", "summary": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79573", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79599", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01239", "scoring_system": "epss", "scoring_elements": "0.79605", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191089", "reference_id": "1191089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191089" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9666" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ph-8m1f-kfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69430?format=api", "vulnerability_id": "VCID-d47r-eebb-jba6", "summary": "The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75124", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00842", "scoring_system": "epss", "scoring_elements": "0.75127", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373", "reference_id": "1262373", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262373" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619", "reference_id": "798619", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2014-9746" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d47r-eebb-jba6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69396?format=api", "vulnerability_id": "VCID-d76k-xm6p-zbd4", "summary": "The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9665.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9665.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9665", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03124", "scoring_system": "epss", "scoring_elements": "0.87091", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03124", "scoring_system": "epss", "scoring_elements": "0.87113", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03124", "scoring_system": "epss", "scoring_elements": "0.87111", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9665" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191087", "reference_id": "1191087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191087" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9665" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d76k-xm6p-zbd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69406?format=api", "vulnerability_id": "VCID-dg4p-f6uk-gkgy", "summary": "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01838", "scoring_system": "epss", "scoring_elements": "0.83295", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01838", "scoring_system": "epss", "scoring_elements": "0.83321", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01838", "scoring_system": "epss", "scoring_elements": "0.83322", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191092", "reference_id": "1191092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191092" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9669" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dg4p-f6uk-gkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=api", "vulnerability_id": "VCID-e4yc-a8j8-mqfq", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87883", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87885", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591", "reference_id": "800591", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133", "reference_id": "CVE-2012-1133", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1133" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4yc-a8j8-mqfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69297?format=api", "vulnerability_id": "VCID-ebzt-mp23-v7g8", "summary": "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2808.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2808.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2808", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05751", "scoring_system": "epss", "scoring_elements": "0.90615", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05751", "scoring_system": "epss", "scoring_elements": "0.90629", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2808" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=621907", "reference_id": "621907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621907" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0737", "reference_id": "RHSA-2010:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0864", "reference_id": "RHSA-2010:0864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0864" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2808" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebzt-mp23-v7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69277?format=api", "vulnerability_id": "VCID-ejj1-9r1p-n7ce", "summary": "Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2500.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86034", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86056", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02649", "scoring_system": "epss", "scoring_elements": "0.86059", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2500" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613167", "reference_id": "613167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613167" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0577", "reference_id": "RHSA-2010:0577", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0577" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2500" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ejj1-9r1p-n7ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69256?format=api", "vulnerability_id": "VCID-ek57-t13n-s7ab", "summary": "The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a \"memory buffer overwrite bug.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3506.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3506.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73334", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73371", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73376", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3506" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=235479", "reference_id": "235479", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235479" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432013", "reference_id": "432013", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432013" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2007-3506" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek57-t13n-s7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69412?format=api", "vulnerability_id": "VCID-epxh-ss4r-zbdn", "summary": "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02062", "scoring_system": "epss", "scoring_elements": "0.84233", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02062", "scoring_system": "epss", "scoring_elements": "0.84256", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02062", "scoring_system": "epss", "scoring_elements": "0.84259", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191094", "reference_id": "1191094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191094" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9671" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-epxh-ss4r-zbdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=api", "vulnerability_id": "VCID-fe3g-ww6q-hqa8", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1129" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800585", "reference_id": "800585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129", "reference_id": "CVE-2012-1129", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1129" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fe3g-ww6q-hqa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=api", "vulnerability_id": "VCID-g8bk-9bsd-p7bk", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1137" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800595", "reference_id": "800595", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800595" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137", "reference_id": "CVE-2012-1137", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1137" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8bk-9bsd-p7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69290?format=api", "vulnerability_id": "VCID-g8vr-rkh5-muhe", "summary": "The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2805.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03267", "scoring_system": "epss", "scoring_elements": "0.87391", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03267", "scoring_system": "epss", "scoring_elements": "0.87413", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03267", "scoring_system": "epss", "scoring_elements": "0.87411", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=625626", "reference_id": "625626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625626" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0864", "reference_id": "RHSA-2010:0864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0864" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2805" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8vr-rkh5-muhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69367?format=api", "vulnerability_id": "VCID-gwdk-xf64-kuen", "summary": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.85214", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.85239", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02359", "scoring_system": "epss", "scoring_elements": "0.85244", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191078", "reference_id": "1191078", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191078" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9656" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gwdk-xf64-kuen" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69280?format=api", "vulnerability_id": "VCID-h48u-hr6k-suhh", "summary": "Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2519.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0452", "scoring_system": "epss", "scoring_elements": "0.89342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0452", "scoring_system": "epss", "scoring_elements": "0.89361", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0452", "scoring_system": "epss", "scoring_elements": "0.89362", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613194", "reference_id": "613194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613194" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2519" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h48u-hr6k-suhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2261?format=api", "vulnerability_id": "VCID-jqjv-gjbe-dbfg", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1126", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03091", "scoring_system": "epss", "scoring_elements": "0.87032", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03091", "scoring_system": "epss", "scoring_elements": "0.87054", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03091", "scoring_system": "epss", "scoring_elements": "0.87052", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1126" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800581", "reference_id": "800581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126", "reference_id": "CVE-2012-1126", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1126" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqjv-gjbe-dbfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69283?format=api", "vulnerability_id": "VCID-jtxs-u48n-yqfc", "summary": "Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2520.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03154", "scoring_system": "epss", "scoring_elements": "0.87144", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03154", "scoring_system": "epss", "scoring_elements": "0.87167", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03154", "scoring_system": "epss", "scoring_elements": "0.87164", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613198", "reference_id": "613198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613198" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2520" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtxs-u48n-yqfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69293?format=api", "vulnerability_id": "VCID-kbzn-9y93-uqa7", "summary": "Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2806.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06428", "scoring_system": "epss", "scoring_elements": "0.91218", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06428", "scoring_system": "epss", "scoring_elements": "0.9123", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2806" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=621980", "reference_id": "621980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621980" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0736", "reference_id": "RHSA-2010:0736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0737", "reference_id": "RHSA-2010:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0737" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0864", "reference_id": "RHSA-2010:0864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0864" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2806" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbzn-9y93-uqa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=api", "vulnerability_id": "VCID-kemx-zuam-uqab", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1141" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800602", "reference_id": "800602", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141", "reference_id": "CVE-2012-1141", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1141" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kemx-zuam-uqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6574?format=api", "vulnerability_id": "VCID-keyh-yygz-y7ep", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00966", "scoring_system": "epss", "scoring_elements": "0.76952", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00966", "scoring_system": "epss", "scoring_elements": "0.76961", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00966", "scoring_system": "epss", "scoring_elements": "0.76919", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446500", "reference_id": "1446500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1446500" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220", "reference_id": "861220", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220" }, { "reference_url": "https://security.archlinux.org/ASA-201705-10", "reference_id": "ASA-201705-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-10" }, { "reference_url": "https://security.archlinux.org/ASA-201705-7", "reference_id": "ASA-201705-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-7" }, { "reference_url": "https://security.archlinux.org/AVG-257", "reference_id": "AVG-257", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-257" }, { "reference_url": "https://security.archlinux.org/AVG-258", "reference_id": "AVG-258", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-258" }, { "reference_url": "https://security.gentoo.org/glsa/201706-14", "reference_id": "GLSA-201706-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-14" }, { "reference_url": "https://usn.ubuntu.com/3282-1/", "reference_id": "USN-3282-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3282-1/" }, { "reference_url": "https://usn.ubuntu.com/3282-2/", "reference_id": "USN-3282-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3282-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4377?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2017-8105" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-keyh-yygz-y7ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=api", "vulnerability_id": "VCID-kwd7-sv6y-eyh8", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89835", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89851", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89852", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1136" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800594", "reference_id": "800594", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800594" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136", "reference_id": "CVE-2012-1136", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1136" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwd7-sv6y-eyh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69311?format=api", "vulnerability_id": "VCID-mduc-7752-v3ef", "summary": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10653", "scoring_system": "epss", "scoring_elements": "0.93437", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10653", "scoring_system": "epss", "scoring_elements": "0.93448", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10653", "scoring_system": "epss", "scoring_elements": "0.93449", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635871", "reference_id": "635871", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635871" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701", "reference_id": "722701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1085", "reference_id": "RHSA-2011:1085", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1085" }, { "reference_url": "https://usn.ubuntu.com/1173-1/", "reference_id": "USN-1173-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1173-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2011-0226" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mduc-7752-v3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69359?format=api", "vulnerability_id": "VCID-n8ke-6dq8-2uaf", "summary": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5670.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5670.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5670", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02977", "scoring_system": "epss", "scoring_elements": "0.86775", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02977", "scoring_system": "epss", "scoring_elements": "0.86797", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02977", "scoring_system": "epss", "scoring_elements": "0.86795", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691", "reference_id": "696691", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696691" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=890094", "reference_id": "890094", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=890094" }, { "reference_url": "https://security.gentoo.org/glsa/201402-16", "reference_id": "GLSA-201402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201402-16" }, { "reference_url": "https://usn.ubuntu.com/1686-1/", "reference_id": "USN-1686-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1686-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-5670" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8ke-6dq8-2uaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69299?format=api", "vulnerability_id": "VCID-nfk2-txt8-97f1", "summary": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3053.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01701", "scoring_system": "epss", "scoring_elements": "0.82639", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01701", "scoring_system": "epss", "scoring_elements": "0.82666", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01701", "scoring_system": "epss", "scoring_elements": "0.82665", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3053" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=625630", "reference_id": "625630", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625630" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-3053" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfk2-txt8-97f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69275?format=api", "vulnerability_id": "VCID-nq1s-4y21-qyhq", "summary": "Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03379", "scoring_system": "epss", "scoring_elements": "0.876", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03379", "scoring_system": "epss", "scoring_elements": "0.87622", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03379", "scoring_system": "epss", "scoring_elements": "0.87623", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=613162", "reference_id": "613162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=613162" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0578", "reference_id": "RHSA-2010:0578", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0578" }, { "reference_url": "https://usn.ubuntu.com/963-1/", "reference_id": "USN-963-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/963-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2499" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nq1s-4y21-qyhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69381?format=api", "vulnerability_id": "VCID-nsas-gyxj-67g2", "summary": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89483", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89502", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04649", "scoring_system": "epss", "scoring_elements": "0.89501", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191082", "reference_id": "1191082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191082" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9660" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsas-gyxj-67g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69437?format=api", "vulnerability_id": "VCID-p7jb-tuz7-t3h7", "summary": "FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00711", "scoring_system": "epss", "scoring_elements": "0.72627", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00711", "scoring_system": "epss", "scoring_elements": "0.72666", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00711", "scoring_system": "epss", "scoring_elements": "0.72673", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752788", "reference_id": "1752788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4254", "reference_id": "RHSA-2019:4254", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4254" }, { "reference_url": "https://usn.ubuntu.com/4126-2/", "reference_id": "USN-4126-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4126-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2015-9381" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7jb-tuz7-t3h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=api", "vulnerability_id": "VCID-psxs-t1t2-bkba", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1132" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800590", "reference_id": "800590", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800590" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132", "reference_id": "CVE-2012-1132", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1132" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-psxs-t1t2-bkba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69365?format=api", "vulnerability_id": "VCID-qfk8-g847-a3aj", "summary": "The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2241.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2241.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2241", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70388", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.70397", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2241" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2241", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2241" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074646", "reference_id": "1074646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299", "reference_id": "741299", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299" }, { "reference_url": "https://usn.ubuntu.com/2148-1/", "reference_id": "USN-2148-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2148-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-2241" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfk8-g847-a3aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69374?format=api", "vulnerability_id": "VCID-qpms-y8cx-dkdw", "summary": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82561", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01688", "scoring_system": "epss", "scoring_elements": "0.82588", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191080", "reference_id": "1191080", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191080" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9658" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpms-y8cx-dkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69425?format=api", "vulnerability_id": "VCID-r3y3-86vk-5fem", "summary": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0141", "scoring_system": "epss", "scoring_elements": "0.80841", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0141", "scoring_system": "epss", "scoring_elements": "0.8087", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0141", "scoring_system": "epss", "scoring_elements": "0.80872", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9675" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191192", "reference_id": "1191192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191192" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9675" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y3-86vk-5fem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=api", "vulnerability_id": "VCID-r47y-we15-pqg3", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1139", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800598", "reference_id": "800598", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139", "reference_id": "CVE-2012-1139", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1139" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r47y-we15-pqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69393?format=api", "vulnerability_id": "VCID-rqa9-mp2r-g3cn", "summary": "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01169", "scoring_system": "epss", "scoring_elements": "0.78991", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01169", "scoring_system": "epss", "scoring_elements": "0.79018", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01169", "scoring_system": "epss", "scoring_elements": "0.79024", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191086", "reference_id": "1191086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191086" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9664" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa9-mp2r-g3cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69258?format=api", "vulnerability_id": "VCID-rzzk-dbbn-kube", "summary": "Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1806.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1806.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03824", "scoring_system": "epss", "scoring_elements": "0.8834", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03824", "scoring_system": "epss", "scoring_elements": "0.88358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03824", "scoring_system": "epss", "scoring_elements": "0.88361", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-1806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=450768", "reference_id": "450768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=450768" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841", "reference_id": "485841", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485841" }, { "reference_url": "https://security.gentoo.org/glsa/200806-10", "reference_id": "GLSA-200806-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200806-10" }, { "reference_url": "https://security.gentoo.org/glsa/201209-25", "reference_id": "GLSA-201209-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201209-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0556", "reference_id": "RHSA-2008:0556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0558", "reference_id": "RHSA-2008:0558", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0558" }, { "reference_url": "https://usn.ubuntu.com/643-1/", "reference_id": "USN-643-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/643-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4372?format=api", "purl": "pkg:deb/debian/freetype@2.3.7-2%2Blenny8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.3.7-2%252Blenny8" } ], "aliases": [ "CVE-2008-1806" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzzk-dbbn-kube" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69422?format=api", "vulnerability_id": "VCID-tadq-59q1-z7gw", "summary": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04311", "scoring_system": "epss", "scoring_elements": "0.89073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04311", "scoring_system": "epss", "scoring_elements": "0.89089", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04311", "scoring_system": "epss", "scoring_elements": "0.8909", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191190", "reference_id": "1191190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191190" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9674" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tadq-59q1-z7gw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=api", "vulnerability_id": "VCID-tvvd-q7nw-eyey", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.8678", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02967", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1140" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800600", "reference_id": "800600", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800600" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140", "reference_id": "CVE-2012-1140", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1140" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tvvd-q7nw-eyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69459?format=api", "vulnerability_id": "VCID-u6w8-ugz2-affg", "summary": "An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41511", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41587", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41594", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544771", "reference_id": "1544771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1544771" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890450", "reference_id": "890450", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890450" }, { "reference_url": "https://security.archlinux.org/ASA-201805-3", "reference_id": "ASA-201805-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-3" }, { "reference_url": "https://security.archlinux.org/AVG-613", "reference_id": "AVG-613", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-613" }, { "reference_url": "https://usn.ubuntu.com/3572-1/", "reference_id": "USN-3572-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3572-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5534?format=api", "purl": "pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.9.1-3%252Bdeb10u3" } ], "aliases": [ "CVE-2018-6942" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u6w8-ugz2-affg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69314?format=api", "vulnerability_id": "VCID-u8qb-wesu-dudg", "summary": "FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3256.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3256.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02974", "scoring_system": "epss", "scoring_elements": "0.86769", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02974", "scoring_system": "epss", "scoring_elements": "0.86791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02974", "scoring_system": "epss", "scoring_elements": "0.86789", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3256" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646120", "reference_id": "646120", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646120" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=746226", "reference_id": "746226", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=746226" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1402", "reference_id": "RHSA-2011:1402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0094", "reference_id": "RHSA-2012:0094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0094" }, { "reference_url": "https://usn.ubuntu.com/1267-1/", "reference_id": "USN-1267-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1267-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2011-3256" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8qb-wesu-dudg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69442?format=api", "vulnerability_id": "VCID-ud6b-e3p8-tkhe", "summary": "FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9383.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84581", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84606", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.8461", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-9383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9383" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763613", "reference_id": "1763613", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1763613" }, { "reference_url": "https://usn.ubuntu.com/4126-1/", "reference_id": "USN-4126-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4126-1/" }, { "reference_url": "https://usn.ubuntu.com/4126-2/", "reference_id": "USN-4126-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4126-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5533?format=api", "purl": "pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1" } ], "aliases": [ "CVE-2015-9383" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ud6b-e3p8-tkhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69308?format=api", "vulnerability_id": "VCID-urt2-ptbg-vqcn", "summary": "Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3855.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04314", "scoring_system": "epss", "scoring_elements": "0.89079", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04314", "scoring_system": "epss", "scoring_elements": "0.89096", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04314", "scoring_system": "epss", "scoring_elements": "0.89097", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221", "reference_id": "602221", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=645275", "reference_id": "645275", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=645275" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0889", "reference_id": "RHSA-2010:0889", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0889" }, { "reference_url": "https://usn.ubuntu.com/1013-1/", "reference_id": "USN-1013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-3855" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urt2-ptbg-vqcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69401?format=api", "vulnerability_id": "VCID-uuq4-51jp-fqfj", "summary": "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01771", "scoring_system": "epss", "scoring_elements": "0.82996", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01771", "scoring_system": "epss", "scoring_elements": "0.83023", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191090", "reference_id": "1191090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9667" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uuq4-51jp-fqfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69418?format=api", "vulnerability_id": "VCID-uyr7-9j1h-eker", "summary": "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02793", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02793", "scoring_system": "epss", "scoring_elements": "0.86388", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02793", "scoring_system": "epss", "scoring_elements": "0.86389", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191096", "reference_id": "1191096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191096" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656", "reference_id": "777656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656" }, { "reference_url": "https://security.gentoo.org/glsa/201503-05", "reference_id": "GLSA-201503-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201503-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0696", "reference_id": "RHSA-2015:0696", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0696" }, { "reference_url": "https://usn.ubuntu.com/2510-1/", "reference_id": "USN-2510-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2510-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4376?format=api", "purl": "pkg:deb/debian/freetype@2.5.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3" } ], "aliases": [ "CVE-2014-9673" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyr7-9j1h-eker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69294?format=api", "vulnerability_id": "VCID-v2ts-kp6b-13ht", "summary": "FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2807.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2807.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2807", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05194", "scoring_system": "epss", "scoring_elements": "0.90091", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05194", "scoring_system": "epss", "scoring_elements": "0.90108", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05194", "scoring_system": "epss", "scoring_elements": "0.90107", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2807" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=625627", "reference_id": "625627", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=625627" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-2807" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ts-kp6b-13ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=api", "vulnerability_id": "VCID-vx31-mywv-1fhr", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87862", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87883", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03525", "scoring_system": "epss", "scoring_elements": "0.87885", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1144" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800607", "reference_id": "800607", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144", "reference_id": "CVE-2012-1144", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1144" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vx31-mywv-1fhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=api", "vulnerability_id": "VCID-xxs6-891m-t3bm", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89835", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89851", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04956", "scoring_system": "epss", "scoring_elements": "0.89852", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800604", "reference_id": "800604", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142", "reference_id": "CVE-2012-1142", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1142" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxs6-891m-t3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4836?format=api", "vulnerability_id": "VCID-yw9g-7f7b-6kfa", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27363.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27363.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70344", "scoring_system": "epss", "scoring_elements": "0.98707", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.70761", "scoring_system": "epss", "scoring_elements": "0.98718", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351357", "reference_id": "2351357", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351357" }, { "reference_url": "https://security.archlinux.org/ASA-202505-11", "reference_id": "ASA-202505-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202505-11" }, { "reference_url": "https://security.archlinux.org/AVG-2877", "reference_id": "AVG-2877", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2877" }, { "reference_url": "https://www.facebook.com/security/advisories/cve-2025-27363", "reference_id": "cve-2025-27363", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:H/MI:H/MA:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-05-07T03:55:53Z/" } ], "url": "https://www.facebook.com/security/advisories/cve-2025-27363" }, { "reference_url": "https://security.gentoo.org/glsa/202505-07", "reference_id": "GLSA-202505-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202505-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3382", "reference_id": "RHSA-2025:3382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3383", "reference_id": "RHSA-2025:3383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3384", "reference_id": "RHSA-2025:3384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3385", "reference_id": "RHSA-2025:3385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3386", "reference_id": "RHSA-2025:3386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3387", "reference_id": "RHSA-2025:3387", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3387" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3393", "reference_id": "RHSA-2025:3393", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3393" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3395", "reference_id": "RHSA-2025:3395", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3395" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3407", "reference_id": "RHSA-2025:3407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3421", "reference_id": "RHSA-2025:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8195", "reference_id": "RHSA-2025:8195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8219", "reference_id": "RHSA-2025:8219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8253", "reference_id": "RHSA-2025:8253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8253" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8292", "reference_id": "RHSA-2025:8292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9380", "reference_id": "RHSA-2025:9380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9380" }, { "reference_url": "https://usn.ubuntu.com/7352-1/", "reference_id": "USN-7352-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7352-1/" }, { "reference_url": "https://usn.ubuntu.com/7352-2/", "reference_id": "USN-7352-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7352-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/511206?format=api", "purl": "pkg:deb/debian/freetype@2.12.1%2Bdfsg-5%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.12.1%252Bdfsg-5%252Bdeb12u4" } ], "aliases": [ "CVE-2025-27363" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yw9g-7f7b-6kfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=api", "vulnerability_id": "VCID-z2q3-ejur-8uhb", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05858", "scoring_system": "epss", "scoring_elements": "0.90723", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05858", "scoring_system": "epss", "scoring_elements": "0.90736", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1134" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800592", "reference_id": "800592", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800592" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134", "reference_id": "CVE-2012-1134", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1134" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z2q3-ejur-8uhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=api", "vulnerability_id": "VCID-z66j-hvpb-9ydk", "summary": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.8455", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.84575", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02148", "scoring_system": "epss", "scoring_elements": "0.84579", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1143" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864", "reference_id": "662864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=800606", "reference_id": "800606", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143", "reference_id": "CVE-2012-1143", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143" }, { "reference_url": "https://security.gentoo.org/glsa/201204-04", "reference_id": "GLSA-201204-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201204-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21", "reference_id": "mfsa2012-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0467", "reference_id": "RHSA-2012:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0467" }, { "reference_url": "https://usn.ubuntu.com/1403-1/", "reference_id": "USN-1403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1403-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4375?format=api", "purl": "pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3" } ], "aliases": [ "CVE-2012-1143" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z66j-hvpb-9ydk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69269?format=api", "vulnerability_id": "VCID-znbr-a2vb-9fca", "summary": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1797.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5972", "scoring_system": "epss", "scoring_elements": "0.98288", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.5972", "scoring_system": "epss", "scoring_elements": "0.9829", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.5972", "scoring_system": "epss", "scoring_elements": "0.98291", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144", "reference_id": "621144", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14727.py", "reference_id": "CVE-2010-1797;OSVDB-66828", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/14727.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ios/local/14538.txt", "reference_id": "CVE-2010-2973;CVE-2010-2972;OSVDB-67011;OSVDB-66828;OSVDB-66827;CVE-2010-1797", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ios/local/14538.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0607", "reference_id": "RHSA-2010:0607", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0607" }, { "reference_url": "https://usn.ubuntu.com/972-1/", "reference_id": "USN-972-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/972-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-1797" ], "risk_score": 1.0, "exploitability": "2.0", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znbr-a2vb-9fca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69306?format=api", "vulnerability_id": "VCID-zp6q-jhnx-6yhm", "summary": "Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05648", "scoring_system": "epss", "scoring_elements": "0.90518", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05648", "scoring_system": "epss", "scoring_elements": "0.90533", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05648", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221", "reference_id": "602221", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=602221" }, { "reference_url": "https://security.gentoo.org/glsa/201201-09", "reference_id": "GLSA-201201-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-09" }, { "reference_url": "https://usn.ubuntu.com/1013-1/", "reference_id": "USN-1013-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1013-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4373?format=api", "purl": "pkg:deb/debian/freetype@2.4.2-2.1%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.2-2.1%252Bsqueeze4" } ], "aliases": [ "CVE-2010-3814" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zp6q-jhnx-6yhm" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69242?format=api", "vulnerability_id": "VCID-e7qn-3gca-gfdb", "summary": "Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45933", "scoring_system": "epss", "scoring_elements": "0.97694", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.45933", "scoring_system": "epss", "scoring_elements": "0.97698", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.45933", "scoring_system": "epss", "scoring_elements": "0.97699", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618019", "reference_id": "1618019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618019" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/27992.txt", "reference_id": "CVE-2006-0747;OSVDB-26032", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/27992.txt" }, { "reference_url": "https://www.securityfocus.com/bid/18326/info", "reference_id": "CVE-2006-0747;OSVDB-26032", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/18326/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0500", "reference_id": "RHSA-2006:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0500" }, { "reference_url": "https://usn.ubuntu.com/291-1/", "reference_id": "USN-291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4370?format=api", "purl": "pkg:deb/debian/freetype@2.2.1-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9d7b-xu7h-wffk" }, { "vulnerability": "VCID-9gvj-784g-3ybs" }, { "vulnerability": "VCID-9tw2-uv12-e3ge" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-cxuq-g7g3-1qfs" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-ek57-t13n-s7ab" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-rzzk-dbbn-kube" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.2.1-5" } ], "aliases": [ "CVE-2006-0747" ], "risk_score": 0.8, "exploitability": "2.0", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7qn-3gca-gfdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69244?format=api", "vulnerability_id": "VCID-g8gf-dnjg-q3cp", "summary": "Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1861.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1861.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08522", "scoring_system": "epss", "scoring_elements": "0.92524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08522", "scoring_system": "epss", "scoring_elements": "0.92537", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08522", "scoring_system": "epss", "scoring_elements": "0.92533", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1861" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=484437", "reference_id": "484437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=484437" }, { "reference_url": "https://security.gentoo.org/glsa/200607-02", "reference_id": "GLSA-200607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200607-02" }, { "reference_url": "https://security.gentoo.org/glsa/200710-09", "reference_id": "GLSA-200710-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200710-09" }, { "reference_url": "https://security.gentoo.org/glsa/201006-01", "reference_id": "GLSA-201006-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0500", "reference_id": "RHSA-2006:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0329", "reference_id": "RHSA-2009:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1062", "reference_id": "RHSA-2009:1062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1062" }, { "reference_url": "https://usn.ubuntu.com/291-1/", "reference_id": "USN-291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4370?format=api", "purl": "pkg:deb/debian/freetype@2.2.1-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9d7b-xu7h-wffk" }, { "vulnerability": "VCID-9gvj-784g-3ybs" }, { "vulnerability": "VCID-9tw2-uv12-e3ge" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-cxuq-g7g3-1qfs" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-ek57-t13n-s7ab" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-rzzk-dbbn-kube" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.2.1-5" } ], "aliases": [ "CVE-2006-1861" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8gf-dnjg-q3cp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69250?format=api", "vulnerability_id": "VCID-jrku-a3pa-63d5", "summary": "Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08679", "scoring_system": "epss", "scoring_elements": "0.92619", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08679", "scoring_system": "epss", "scoring_elements": "0.92631", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08679", "scoring_system": "epss", "scoring_elements": "0.92628", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-3467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379920", "reference_id": "379920", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379920" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383353", "reference_id": "383353", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=383353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=487070", "reference_id": "487070", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487070" }, { "reference_url": "https://security.gentoo.org/glsa/200609-04", "reference_id": "GLSA-200609-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200609-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0500", "reference_id": "RHSA-2006:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0634", "reference_id": "RHSA-2006:0634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0635", "reference_id": "RHSA-2006:0635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0635" }, { "reference_url": "https://usn.ubuntu.com/324-1/", "reference_id": "USN-324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/324-1/" }, { "reference_url": "https://usn.ubuntu.com/341-1/", "reference_id": "USN-341-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/341-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4370?format=api", "purl": "pkg:deb/debian/freetype@2.2.1-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9d7b-xu7h-wffk" }, { "vulnerability": "VCID-9gvj-784g-3ybs" }, { "vulnerability": "VCID-9tw2-uv12-e3ge" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-cxuq-g7g3-1qfs" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-ek57-t13n-s7ab" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-rzzk-dbbn-kube" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.2.1-5" } ], "aliases": [ "CVE-2006-3467" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrku-a3pa-63d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69247?format=api", "vulnerability_id": "VCID-untp-db3f-hbd1", "summary": "ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12644", "scoring_system": "epss", "scoring_elements": "0.94101", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12644", "scoring_system": "epss", "scoring_elements": "0.9411", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12644", "scoring_system": "epss", "scoring_elements": "0.94109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618110", "reference_id": "1618110", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618110" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/27993.txt", "reference_id": "CVE-2006-2661;OSVDB-26033", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/27993.txt" }, { "reference_url": "https://www.securityfocus.com/bid/18329/info", "reference_id": "CVE-2006-2661;OSVDB-26033", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/18329/info" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0500", "reference_id": "RHSA-2006:0500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0500" }, { "reference_url": "https://usn.ubuntu.com/291-1/", "reference_id": "USN-291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4370?format=api", "purl": "pkg:deb/debian/freetype@2.2.1-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1g6m-76bj-eqha" }, { "vulnerability": "VCID-1w63-ynmk-eya3" }, { "vulnerability": "VCID-2nqu-79u6-kkez" }, { "vulnerability": "VCID-2qjp-4spz-mqcd" }, { "vulnerability": "VCID-2rzg-6jj1-8yad" }, { "vulnerability": "VCID-2yvb-7w2n-ybhg" }, { "vulnerability": "VCID-31q8-w6bh-zuey" }, { "vulnerability": "VCID-3r2c-py99-3bbt" }, { "vulnerability": "VCID-3sfc-a2u5-nkgt" }, { "vulnerability": "VCID-3w4f-9qjv-cbe8" }, { "vulnerability": "VCID-4yvt-rk2z-2bb9" }, { "vulnerability": "VCID-5y1m-7fhn-cbbr" }, { "vulnerability": "VCID-6bcv-2cx6-77es" }, { "vulnerability": "VCID-6jeb-n9un-3qhd" }, { "vulnerability": "VCID-71q4-11dy-6ua7" }, { "vulnerability": "VCID-75xz-zpmu-1ugk" }, { "vulnerability": "VCID-79xr-2yux-37ea" }, { "vulnerability": "VCID-7vjf-m96b-6uay" }, { "vulnerability": "VCID-86b1-gj4n-eybh" }, { "vulnerability": "VCID-8jxb-mwxb-bubc" }, { "vulnerability": "VCID-8n2a-uwre-rkf1" }, { "vulnerability": "VCID-8pge-za7q-8ugx" }, { "vulnerability": "VCID-8sk7-1vxp-9bgd" }, { "vulnerability": "VCID-8xh3-svmf-tkc4" }, { "vulnerability": "VCID-8zjm-pmh1-p7a2" }, { "vulnerability": "VCID-993u-8fyr-kqdy" }, { "vulnerability": "VCID-9d7b-xu7h-wffk" }, { "vulnerability": "VCID-9gvj-784g-3ybs" }, { "vulnerability": "VCID-9tw2-uv12-e3ge" }, { "vulnerability": "VCID-9ud1-v7xu-g7dy" }, { "vulnerability": "VCID-a4yj-9xf1-bybu" }, { "vulnerability": "VCID-aswe-3g48-wfgm" }, { "vulnerability": "VCID-axt7-mnzh-vqhp" }, { "vulnerability": "VCID-b8wk-n575-afd5" }, { "vulnerability": "VCID-bnz5-ugr3-7qch" }, { "vulnerability": "VCID-c5e7-yx9x-hygd" }, { "vulnerability": "VCID-c9zr-gqub-mydn" }, { "vulnerability": "VCID-cg7m-wj97-8bbm" }, { "vulnerability": "VCID-cxuq-g7g3-1qfs" }, { "vulnerability": "VCID-d2ph-8m1f-kfc3" }, { "vulnerability": "VCID-d47r-eebb-jba6" }, { "vulnerability": "VCID-d76k-xm6p-zbd4" }, { "vulnerability": "VCID-dg4p-f6uk-gkgy" }, { "vulnerability": "VCID-e4yc-a8j8-mqfq" }, { "vulnerability": "VCID-ebzt-mp23-v7g8" }, { "vulnerability": "VCID-ejj1-9r1p-n7ce" }, { "vulnerability": "VCID-ek57-t13n-s7ab" }, { "vulnerability": "VCID-epxh-ss4r-zbdn" }, { "vulnerability": "VCID-fe3g-ww6q-hqa8" }, { "vulnerability": "VCID-g8bk-9bsd-p7bk" }, { "vulnerability": "VCID-g8vr-rkh5-muhe" }, { "vulnerability": "VCID-gwdk-xf64-kuen" }, { "vulnerability": "VCID-h48u-hr6k-suhh" }, { "vulnerability": "VCID-jqjv-gjbe-dbfg" }, { "vulnerability": "VCID-jtxs-u48n-yqfc" }, { "vulnerability": "VCID-kbzn-9y93-uqa7" }, { "vulnerability": "VCID-kemx-zuam-uqab" }, { "vulnerability": "VCID-keyh-yygz-y7ep" }, { "vulnerability": "VCID-kwd7-sv6y-eyh8" }, { "vulnerability": "VCID-mduc-7752-v3ef" }, { "vulnerability": "VCID-n8ke-6dq8-2uaf" }, { "vulnerability": "VCID-nfk2-txt8-97f1" }, { "vulnerability": "VCID-nq1s-4y21-qyhq" }, { "vulnerability": "VCID-nsas-gyxj-67g2" }, { "vulnerability": "VCID-p7jb-tuz7-t3h7" }, { "vulnerability": "VCID-psxs-t1t2-bkba" }, { "vulnerability": "VCID-qfk8-g847-a3aj" }, { "vulnerability": "VCID-qpms-y8cx-dkdw" }, { "vulnerability": "VCID-r3y3-86vk-5fem" }, { "vulnerability": "VCID-r47y-we15-pqg3" }, { "vulnerability": "VCID-rqa9-mp2r-g3cn" }, { "vulnerability": "VCID-rzzk-dbbn-kube" }, { "vulnerability": "VCID-tadq-59q1-z7gw" }, { "vulnerability": "VCID-tvvd-q7nw-eyey" }, { "vulnerability": "VCID-u6w8-ugz2-affg" }, { "vulnerability": "VCID-u8qb-wesu-dudg" }, { "vulnerability": "VCID-ud6b-e3p8-tkhe" }, { "vulnerability": "VCID-urt2-ptbg-vqcn" }, { "vulnerability": "VCID-uuq4-51jp-fqfj" }, { "vulnerability": "VCID-uyr7-9j1h-eker" }, { "vulnerability": "VCID-v2ts-kp6b-13ht" }, { "vulnerability": "VCID-vx31-mywv-1fhr" }, { "vulnerability": "VCID-xxs6-891m-t3bm" }, { "vulnerability": "VCID-yw9g-7f7b-6kfa" }, { "vulnerability": "VCID-z2q3-ejur-8uhb" }, { "vulnerability": "VCID-z66j-hvpb-9ydk" }, { "vulnerability": "VCID-znbr-a2vb-9fca" }, { "vulnerability": "VCID-zp6q-jhnx-6yhm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.2.1-5" } ], "aliases": [ "CVE-2006-2661" ], "risk_score": 0.2, "exploitability": "2.0", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-untp-db3f-hbd1" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.2.1-5" }