Search for packages
| purl | pkg:deb/debian/freetype@2.2.1-5%2Betch4 |
| Next non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Latest non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1g6m-76bj-eqha
Aliases: CVE-2014-9657 |
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-1w63-ynmk-eya3
Aliases: CVE-2022-27405 |
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. |
Affected by 2 other vulnerabilities. |
|
VCID-2nqu-79u6-kkez
Aliases: CVE-2014-9659 |
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. |
Affected by 16 other vulnerabilities. |
|
VCID-2qjp-4spz-mqcd
Aliases: CVE-2010-2497 |
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-2rzg-6jj1-8yad
Aliases: CVE-2010-2498 |
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. |
Affected by 63 other vulnerabilities. |
|
VCID-2yvb-7w2n-ybhg
Aliases: CVE-2012-1131 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-31q8-w6bh-zuey
Aliases: CVE-2012-1128 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-3r2c-py99-3bbt
Aliases: CVE-2016-10244 |
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. |
Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-3sfc-a2u5-nkgt
Aliases: CVE-2015-9382 |
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. |
Affected by 6 other vulnerabilities. |
|
VCID-3w4f-9qjv-cbe8
Aliases: CVE-2010-3311 |
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. |
Affected by 63 other vulnerabilities. |
|
VCID-4yvt-rk2z-2bb9
Aliases: CVE-2022-27404 |
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. |
Affected by 2 other vulnerabilities. |
|
VCID-5y1m-7fhn-cbbr
Aliases: CVE-2014-9668 |
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. |
Affected by 16 other vulnerabilities. |
|
VCID-6bcv-2cx6-77es
Aliases: CVE-2017-8287 |
arbitrary code execution |
Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-6jeb-n9un-3qhd
Aliases: CVE-2012-1127 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-71q4-11dy-6ua7
Aliases: CVE-2014-9663 |
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-75xz-zpmu-1ugk
Aliases: CVE-2012-5669 |
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. |
Affected by 38 other vulnerabilities. |
|
VCID-79xr-2yux-37ea
Aliases: CVE-2012-1130 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-7vjf-m96b-6uay
Aliases: CVE-2014-9661 |
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-86b1-gj4n-eybh
Aliases: CVE-2014-9747 |
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8jxb-mwxb-bubc
Aliases: CVE-2010-2541 |
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-8n2a-uwre-rkf1
Aliases: CVE-2010-3054 |
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. |
Affected by 63 other vulnerabilities. |
|
VCID-8pge-za7q-8ugx
Aliases: CVE-2014-9745 |
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-8sk7-1vxp-9bgd
Aliases: CVE-2012-1135 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-8xh3-svmf-tkc4
Aliases: CVE-2014-2240 |
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. |
Affected by 16 other vulnerabilities. |
|
VCID-8zjm-pmh1-p7a2
Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62 |
In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.*Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.* |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-993u-8fyr-kqdy
Aliases: CVE-2012-5668 |
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. |
Affected by 38 other vulnerabilities. |
|
VCID-9d7b-xu7h-wffk
Aliases: CVE-2007-1351 |
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. |
Affected by 82 other vulnerabilities. |
|
VCID-9gvj-784g-3ybs
Aliases: CVE-2007-2754 |
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. |
Affected by 82 other vulnerabilities. |
|
VCID-9tw2-uv12-e3ge
Aliases: CVE-2008-1808 |
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. |
Affected by 82 other vulnerabilities. |
|
VCID-9ud1-v7xu-g7dy
Aliases: CVE-2014-9670 |
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-a4yj-9xf1-bybu
Aliases: CVE-2015-9290 |
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. |
Affected by 6 other vulnerabilities. |
|
VCID-aswe-3g48-wfgm
Aliases: CVE-2012-1138 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-axt7-mnzh-vqhp
Aliases: CVE-2014-9672 |
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-b8wk-n575-afd5
Aliases: CVE-2011-3439 |
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
Affected by 38 other vulnerabilities. |
|
VCID-bnz5-ugr3-7qch
Aliases: CVE-2014-9662 |
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. |
Affected by 16 other vulnerabilities. |
|
VCID-c5e7-yx9x-hygd
Aliases: CVE-2022-27406 |
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. |
Affected by 2 other vulnerabilities. |
|
VCID-c9zr-gqub-mydn
Aliases: CVE-2010-2527 |
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-cg7m-wj97-8bbm
Aliases: CVE-2009-0946 |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. |
Affected by 63 other vulnerabilities. |
|
VCID-cxuq-g7g3-1qfs
Aliases: CVE-2008-1807 |
FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. |
Affected by 82 other vulnerabilities. |
|
VCID-d2ph-8m1f-kfc3
Aliases: CVE-2014-9666 |
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-d47r-eebb-jba6
Aliases: CVE-2014-9746 |
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-d76k-xm6p-zbd4
Aliases: CVE-2014-9665 |
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. |
Affected by 16 other vulnerabilities. |
|
VCID-dg4p-f6uk-gkgy
Aliases: CVE-2014-9669 |
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-e4yc-a8j8-mqfq
Aliases: CVE-2012-1133 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-ebzt-mp23-v7g8
Aliases: CVE-2010-2808 |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. |
Affected by 63 other vulnerabilities. |
|
VCID-ejj1-9r1p-n7ce
Aliases: CVE-2010-2500 |
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-ek57-t13n-s7ab
Aliases: CVE-2007-3506 |
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." |
Affected by 82 other vulnerabilities. |
|
VCID-epxh-ss4r-zbdn
Aliases: CVE-2014-9671 |
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-fe3g-ww6q-hqa8
Aliases: CVE-2012-1129 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-g8bk-9bsd-p7bk
Aliases: CVE-2012-1137 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-g8vr-rkh5-muhe
Aliases: CVE-2010-2805 |
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-gwdk-xf64-kuen
Aliases: CVE-2014-9656 |
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-h48u-hr6k-suhh
Aliases: CVE-2010-2519 |
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. |
Affected by 63 other vulnerabilities. |
|
VCID-jqjv-gjbe-dbfg
Aliases: CVE-2012-1126 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-jtxs-u48n-yqfc
Aliases: CVE-2010-2520 |
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-kbzn-9y93-uqa7
Aliases: CVE-2010-2806 |
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. |
Affected by 63 other vulnerabilities. |
|
VCID-kemx-zuam-uqab
Aliases: CVE-2012-1141 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-keyh-yygz-y7ep
Aliases: CVE-2017-8105 |
arbitrary code execution |
Affected by 16 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-kwd7-sv6y-eyh8
Aliases: CVE-2012-1136 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-mduc-7752-v3ef
Aliases: CVE-2011-0226 |
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
Affected by 38 other vulnerabilities. |
|
VCID-n8ke-6dq8-2uaf
Aliases: CVE-2012-5670 |
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. |
Affected by 38 other vulnerabilities. |
|
VCID-nfk2-txt8-97f1
Aliases: CVE-2010-3053 |
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. |
Affected by 63 other vulnerabilities. |
|
VCID-nq1s-4y21-qyhq
Aliases: CVE-2010-2499 |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. |
Affected by 63 other vulnerabilities. |
|
VCID-nsas-gyxj-67g2
Aliases: CVE-2014-9660 |
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-p7jb-tuz7-t3h7
Aliases: CVE-2015-9381 |
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. |
Affected by 6 other vulnerabilities. |
|
VCID-psxs-t1t2-bkba
Aliases: CVE-2012-1132 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-qfk8-g847-a3aj
Aliases: CVE-2014-2241 |
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file. |
Affected by 16 other vulnerabilities. |
|
VCID-qpms-y8cx-dkdw
Aliases: CVE-2014-9658 |
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-r3y3-86vk-5fem
Aliases: CVE-2014-9675 |
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-r47y-we15-pqg3
Aliases: CVE-2012-1139 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-rqa9-mp2r-g3cn
Aliases: CVE-2014-9664 |
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-rzzk-dbbn-kube
Aliases: CVE-2008-1806 |
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. |
Affected by 82 other vulnerabilities. |
|
VCID-tadq-59q1-z7gw
Aliases: CVE-2014-9674 |
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-tvvd-q7nw-eyey
Aliases: CVE-2012-1140 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-u6w8-ugz2-affg
Aliases: CVE-2018-6942 |
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. |
Affected by 5 other vulnerabilities. |
|
VCID-u8qb-wesu-dudg
Aliases: CVE-2011-3256 |
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. |
Affected by 38 other vulnerabilities. |
|
VCID-ud6b-e3p8-tkhe
Aliases: CVE-2015-9383 |
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. |
Affected by 6 other vulnerabilities. |
|
VCID-urt2-ptbg-vqcn
Aliases: CVE-2010-3855 |
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. |
Affected by 63 other vulnerabilities. |
|
VCID-uuq4-51jp-fqfj
Aliases: CVE-2014-9667 |
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-uyr7-9j1h-eker
Aliases: CVE-2014-9673 |
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. |
Affected by 38 other vulnerabilities. Affected by 16 other vulnerabilities. |
|
VCID-v2ts-kp6b-13ht
Aliases: CVE-2010-2807 |
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
Affected by 63 other vulnerabilities. |
|
VCID-vx31-mywv-1fhr
Aliases: CVE-2012-1144 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-xxs6-891m-t3bm
Aliases: CVE-2012-1142 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-yw9g-7f7b-6kfa
Aliases: CVE-2025-27363 |
arbitrary code execution |
Affected by 0 other vulnerabilities. |
|
VCID-z2q3-ejur-8uhb
Aliases: CVE-2012-1134 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-z66j-hvpb-9ydk
Aliases: CVE-2012-1143 |
Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType version 2.4.9 which addresses these issues. Desktop Firefox does not use Freetype for fonts and was not affected. On Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates. |
Affected by 38 other vulnerabilities. |
|
VCID-znbr-a2vb-9fca
Aliases: CVE-2010-1797 |
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. |
Affected by 63 other vulnerabilities. |
|
VCID-zp6q-jhnx-6yhm
Aliases: CVE-2010-3814 |
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. |
Affected by 63 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||