Search for packages
| purl | pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1 |
| Next non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Latest non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dcxj-zzfj-3bg7
Aliases: CVE-2022-27406 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
|
VCID-nx21-ks3v-53e4
Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62 |
Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-s148-7tzs-gfg8
Aliases: CVE-2022-27405 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
|
VCID-uy24-k7je-pyhr
Aliases: CVE-2025-27363 |
A vulnerability has been discovered in FreeType, which can lead to remote code execution. |
Affected by 0 other vulnerabilities. |
|
VCID-xb9q-dk8j-fbch
Aliases: CVE-2022-27404 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
|
VCID-y4qf-qfbv-mqdg
Aliases: CVE-2018-6942 |
freetype: NULL pointer dereference in the Ins_GETVARIATION() function |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-6xf8-49hw-hfaf | Multiple vulnerabilities have been found in FreeType, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-10244
|
| VCID-a9r6-k8gp-nbfs | freetype: a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c may lead to a DoS |
CVE-2015-9383
|
| VCID-b35u-t7u2-sudy | security update |
CVE-2014-9746
|
| VCID-hutw-rk7x-5bc3 | security update |
CVE-2014-9745
|
| VCID-m8ha-zxb7-tyg6 | Multiple vulnerabilities have been found in FreeType, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-8105
|
| VCID-nn4w-gq71-kfgd | freetype: buffer over-read in function T1_Get_Private_Dict in type1/t1parse.c |
CVE-2015-9290
|
| VCID-tsw4-kqbc-kqf1 | freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash |
CVE-2015-9381
|
| VCID-wr9p-x4sm-aqdh | Multiple vulnerabilities have been found in FreeType, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2017-8287
|
| VCID-ysfs-xxjz-vbep | freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read |
CVE-2015-9382
|
| VCID-zpnw-kwqf-63bp | security update |
CVE-2014-9747
|