Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1
purl pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1
Next non-vulnerable version 2.12.1+dfsg-5+deb12u4
Latest non-vulnerable version 2.12.1+dfsg-5+deb12u4
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-hgm7-qrp2-c3g8
Aliases:
CVE-2022-31782
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
2.12.1+dfsg-5+deb12u4
Affected by 0 other vulnerabilities.
VCID-uy24-k7je-pyhr
Aliases:
CVE-2025-27363
A vulnerability has been discovered in FreeType, which can lead to remote code execution.
2.12.1+dfsg-5+deb12u4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-dcxj-zzfj-3bg7 Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. CVE-2022-27406
VCID-nx21-ks3v-53e4 Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d CVE-2020-15999
GHSA-pv36-h7jh-qm62
VCID-s148-7tzs-gfg8 Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. CVE-2022-27405
VCID-xb9q-dk8j-fbch Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. CVE-2022-27404

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:38:14.598825+00:00 Debian Importer Affected by VCID-hgm7-qrp2-c3g8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T00:37:53.252736+00:00 Debian Oval Importer Affected by VCID-uy24-k7je-pyhr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:02:24.450553+00:00 Debian Oval Importer Fixing VCID-dcxj-zzfj-3bg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:24:16.418510+00:00 Debian Oval Importer Fixing VCID-nx21-ks3v-53e4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:43:39.933019+00:00 Debian Oval Importer Fixing VCID-xb9q-dk8j-fbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:06:52.348241+00:00 Debian Oval Importer Fixing VCID-s148-7tzs-gfg8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T07:55:49.565276+00:00 Debian Importer Affected by VCID-hgm7-qrp2-c3g8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T00:10:48.607201+00:00 Debian Oval Importer Affected by VCID-uy24-k7je-pyhr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:44:12.767250+00:00 Debian Oval Importer Fixing VCID-dcxj-zzfj-3bg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:07:24.126777+00:00 Debian Oval Importer Fixing VCID-nx21-ks3v-53e4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:29:42.899168+00:00 Debian Oval Importer Fixing VCID-xb9q-dk8j-fbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:54:23.848499+00:00 Debian Oval Importer Fixing VCID-s148-7tzs-gfg8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:41:55.874967+00:00 Debian Oval Importer Affected by VCID-uy24-k7je-pyhr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:27:01.433465+00:00 Debian Oval Importer Fixing VCID-dcxj-zzfj-3bg7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:16:52.240274+00:00 Debian Importer Affected by VCID-hgm7-qrp2-c3g8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T18:51:37.077338+00:00 Debian Oval Importer Fixing VCID-nx21-ks3v-53e4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:17:40.468753+00:00 Debian Oval Importer Fixing VCID-xb9q-dk8j-fbch https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:47:39.917833+00:00 Debian Oval Importer Fixing VCID-s148-7tzs-gfg8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0