Search for packages
| purl | pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3 |
| Next non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Latest non-vulnerable version | 2.12.1+dfsg-5+deb12u4 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dcxj-zzfj-3bg7
Aliases: CVE-2022-27406 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
|
VCID-nx21-ks3v-53e4
Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62 |
Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d |
Affected by 2 other vulnerabilities. |
|
VCID-s148-7tzs-gfg8
Aliases: CVE-2022-27405 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
|
VCID-uy24-k7je-pyhr
Aliases: CVE-2025-27363 |
A vulnerability has been discovered in FreeType, which can lead to remote code execution. |
Affected by 0 other vulnerabilities. |
|
VCID-xb9q-dk8j-fbch
Aliases: CVE-2022-27404 |
Multiple vulnerabilities have been discovered in FreeType, the worst of which can lead to remote code execution. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-nx21-ks3v-53e4 | Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d |
CVE-2020-15999
GHSA-pv36-h7jh-qm62 |
| VCID-y4qf-qfbv-mqdg | freetype: NULL pointer dereference in the Ins_GETVARIATION() function |
CVE-2018-6942
|