{"url":"http://public2.vulnerablecode.io/api/packages/4366?format=json","purl":"pkg:deb/debian/freetype@1.2-3","type":"deb","namespace":"debian","name":"freetype","version":"1.2-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.10.4+dfsg-1+deb11u1","latest_non_vulnerable_version":"2.10.4+dfsg-1+deb11u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69371?format=json","vulnerability_id":"VCID-1g6m-76bj-eqha","summary":"The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9657","reference_id":"","reference_type":"","scores":[{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82561","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191079","reference_id":"1191079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9657"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1g6m-76bj-eqha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2266?format=json","vulnerability_id":"VCID-2yvb-7w2n-ybhg","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1131.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1131","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1131"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800589","reference_id":"800589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800589"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131","reference_id":"CVE-2012-1131","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1131"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1131"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2yvb-7w2n-ybhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2263?format=json","vulnerability_id":"VCID-31q8-w6bh-zuey","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1128.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1128","reference_id":"","reference_type":"","scores":[{"value":"0.02697","scoring_system":"epss","scoring_elements":"0.86154","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1128"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800584","reference_id":"800584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128","reference_id":"CVE-2012-1128","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1128"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1128"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31q8-w6bh-zuey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69444?format=json","vulnerability_id":"VCID-3r2c-py99-3bbt","summary":"The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10244.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10244","reference_id":"","reference_type":"","scores":[{"value":"0.00334","scoring_system":"epss","scoring_elements":"0.56484","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429965","reference_id":"1429965","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1429965"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971","reference_id":"856971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856971"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4377?format=json","purl":"pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2"}],"aliases":["CVE-2016-10244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r2c-py99-3bbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6573?format=json","vulnerability_id":"VCID-6bcv-2cx6-77es","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8287.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8287","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74353","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446073","reference_id":"1446073","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446073"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308","reference_id":"861308","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861308"},{"reference_url":"https://security.archlinux.org/ASA-201705-10","reference_id":"ASA-201705-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-10"},{"reference_url":"https://security.archlinux.org/ASA-201705-7","reference_id":"ASA-201705-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-7"},{"reference_url":"https://security.archlinux.org/AVG-257","reference_id":"AVG-257","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-257"},{"reference_url":"https://security.archlinux.org/AVG-258","reference_id":"AVG-258","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4377?format=json","purl":"pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5533?format=json","purl":"pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8zjm-pmh1-p7a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1"}],"aliases":["CVE-2017-8287"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6bcv-2cx6-77es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2262?format=json","vulnerability_id":"VCID-6jeb-n9un-3qhd","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1127.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1127","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1127"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800583","reference_id":"800583","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800583"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127","reference_id":"CVE-2012-1127","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1127"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1127"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jeb-n9un-3qhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69390?format=json","vulnerability_id":"VCID-71q4-11dy-6ua7","summary":"The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9663.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9663","reference_id":"","reference_type":"","scores":[{"value":"0.02497","scoring_system":"epss","scoring_elements":"0.85598","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191085","reference_id":"1191085","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191085"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9663"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71q4-11dy-6ua7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2265?format=json","vulnerability_id":"VCID-79xr-2yux-37ea","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1130.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1130","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1130"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800587","reference_id":"800587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130","reference_id":"CVE-2012-1130","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1130"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1130"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79xr-2yux-37ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69384?format=json","vulnerability_id":"VCID-7vjf-m96b-6uay","summary":"type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9661.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9661","reference_id":"","reference_type":"","scores":[{"value":"0.04005","scoring_system":"epss","scoring_elements":"0.88644","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191083","reference_id":"1191083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191083"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9661"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjf-m96b-6uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69433?format=json","vulnerability_id":"VCID-86b1-gj4n-eybh","summary":"The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9747","reference_id":"","reference_type":"","scores":[{"value":"0.01099","scoring_system":"epss","scoring_elements":"0.78369","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262373","reference_id":"1262373","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619","reference_id":"798619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86b1-gj4n-eybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69429?format=json","vulnerability_id":"VCID-8pge-za7q-8ugx","summary":"The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a \"broken number-with-base\" in a Postscript stream, as demonstrated by 8#garbage.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9745","reference_id":"","reference_type":"","scores":[{"value":"0.02852","scoring_system":"epss","scoring_elements":"0.86501","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262377","reference_id":"1262377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620","reference_id":"798620","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798620"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4377?format=json","purl":"pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2"}],"aliases":["CVE-2014-9745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8pge-za7q-8ugx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2270?format=json","vulnerability_id":"VCID-8sk7-1vxp-9bgd","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1135.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1135","reference_id":"","reference_type":"","scores":[{"value":"0.03525","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1135"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800593","reference_id":"800593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135","reference_id":"CVE-2012-1135","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1135"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1135"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sk7-1vxp-9bgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1201?format=json","vulnerability_id":"VCID-8zjm-pmh1-p7a2","summary":"In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.*Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.*","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15999.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15999","reference_id":"","reference_type":"","scores":[{"value":"0.93031","scoring_system":"epss","scoring_elements":"0.99792","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15999"},{"reference_url":"https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html"},{"reference_url":"https://crbug.com/1139963","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://crbug.com/1139963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15967"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15970"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15971"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15973"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15974"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15978"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15979"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15980"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15981"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15983"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15985"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15990"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15992"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6510"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6521"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6524"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6533"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6534"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6541"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6542"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6543"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6563"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6568"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6569"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6570"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6571"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6573"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6576"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Nov/33","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Nov/33"},{"reference_url":"https://github.com/cefsharp/CefSharp","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cefsharp/CefSharp"},{"reference_url":"https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://googleprojectzero.blogspot.com/p/rca-cve-2020-15999.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3QVIGAAJ4D62YEJAJJWMCCBCOQ6TVL7"},{"reference_url":"https://security.gentoo.org/glsa/202011-12","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202011-12"},{"reference_url":"https://security.gentoo.org/glsa/202012-04","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202012-04"},{"reference_url":"https://security.gentoo.org/glsa/202401-19","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202401-19"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240812-0001","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240812-0001"},{"reference_url":"https://www.debian.org/security/2021/dsa-4824","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4824"},{"reference_url":"https://www.nuget.org/packages/CefSharp.Common","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/CefSharp.Common"},{"reference_url":"https://www.nuget.org/packages/CefSharp.WinForms","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/CefSharp.WinForms"},{"reference_url":"https://www.nuget.org/packages/CefSharp.Wpf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/CefSharp.Wpf"},{"reference_url":"https://www.nuget.org/packages/CefSharp.Wpf.HwndHost","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.nuget.org/packages/CefSharp.Wpf.HwndHost"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890210","reference_id":"1890210","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1890210"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586","reference_id":"972586","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972586"},{"reference_url":"https://security.archlinux.org/ASA-202010-10","reference_id":"ASA-202010-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202010-10"},{"reference_url":"https://security.archlinux.org/ASA-202010-11","reference_id":"ASA-202010-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202010-11"},{"reference_url":"https://security.archlinux.org/ASA-202011-12","reference_id":"ASA-202011-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-12"},{"reference_url":"https://security.archlinux.org/AVG-1254","reference_id":"AVG-1254","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1254"},{"reference_url":"https://security.archlinux.org/AVG-1255","reference_id":"AVG-1255","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1255"},{"reference_url":"https://security.archlinux.org/AVG-1279","reference_id":"AVG-1279","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1279"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15999","reference_id":"CVE-2020-15999","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15999"},{"reference_url":"https://github.com/advisories/GHSA-pv36-h7jh-qm62","reference_id":"GHSA-pv36-h7jh-qm62","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pv36-h7jh-qm62"},{"reference_url":"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62","reference_id":"GHSA-pv36-h7jh-qm62","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-pv36-h7jh-qm62"},{"reference_url":"https://security.gentoo.org/glsa/202010-07","reference_id":"GLSA-202010-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202010-07"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-50","reference_id":"mfsa2020-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-50"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51","reference_id":"mfsa2020-51","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-51"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52","reference_id":"mfsa2020-52","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-52"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4351","reference_id":"RHSA-2020:4351","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4351"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4907","reference_id":"RHSA-2020:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4949","reference_id":"RHSA-2020:4949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4950","reference_id":"RHSA-2020:4950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4951","reference_id":"RHSA-2020:4951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4952","reference_id":"RHSA-2020:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4952"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5534?format=json","purl":"pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8zjm-pmh1-p7a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.9.1-3%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/6119?format=json","purl":"pkg:deb/debian/freetype@2.10.4%2Bdfsg-1%2Bdeb11u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.10.4%252Bdfsg-1%252Bdeb11u1"}],"aliases":["CVE-2020-15999","GHSA-pv36-h7jh-qm62"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zjm-pmh1-p7a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69409?format=json","vulnerability_id":"VCID-9ud1-v7xu-g7dy","summary":"Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9670.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9670","reference_id":"","reference_type":"","scores":[{"value":"0.03266","scoring_system":"epss","scoring_elements":"0.87389","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191093","reference_id":"1191093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191093"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9670"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ud1-v7xu-g7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2273?format=json","vulnerability_id":"VCID-aswe-3g48-wfgm","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1138","reference_id":"","reference_type":"","scores":[{"value":"0.03525","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1138"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800597","reference_id":"800597","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138","reference_id":"CVE-2012-1138","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1138"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1138"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aswe-3g48-wfgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69415?format=json","vulnerability_id":"VCID-axt7-mnzh-vqhp","summary":"Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9672","reference_id":"","reference_type":"","scores":[{"value":"0.03153","scoring_system":"epss","scoring_elements":"0.87142","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191095","reference_id":"1191095","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191095"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9672"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axt7-mnzh-vqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69398?format=json","vulnerability_id":"VCID-d2ph-8m1f-kfc3","summary":"The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9666.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9666","reference_id":"","reference_type":"","scores":[{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79573","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191089","reference_id":"1191089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191089"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9666"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d2ph-8m1f-kfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69430?format=json","vulnerability_id":"VCID-d47r-eebb-jba6","summary":"The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9746","reference_id":"","reference_type":"","scores":[{"value":"0.00842","scoring_system":"epss","scoring_elements":"0.75095","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262373","reference_id":"1262373","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1262373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619","reference_id":"798619","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798619"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9746"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d47r-eebb-jba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69406?format=json","vulnerability_id":"VCID-dg4p-f6uk-gkgy","summary":"Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9669.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9669","reference_id":"","reference_type":"","scores":[{"value":"0.01838","scoring_system":"epss","scoring_elements":"0.83295","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191092","reference_id":"1191092","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191092"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9669"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dg4p-f6uk-gkgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2268?format=json","vulnerability_id":"VCID-e4yc-a8j8-mqfq","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1133","reference_id":"","reference_type":"","scores":[{"value":"0.03525","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800591","reference_id":"800591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133","reference_id":"CVE-2012-1133","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1133"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1133"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4yc-a8j8-mqfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69412?format=json","vulnerability_id":"VCID-epxh-ss4r-zbdn","summary":"Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9671.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9671","reference_id":"","reference_type":"","scores":[{"value":"0.02062","scoring_system":"epss","scoring_elements":"0.84233","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191094","reference_id":"1191094","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9671"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epxh-ss4r-zbdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2264?format=json","vulnerability_id":"VCID-fe3g-ww6q-hqa8","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1129.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1129","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1129"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800585","reference_id":"800585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129","reference_id":"CVE-2012-1129","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1129"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1129"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fe3g-ww6q-hqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2272?format=json","vulnerability_id":"VCID-g8bk-9bsd-p7bk","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1137","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1137"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800595","reference_id":"800595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137","reference_id":"CVE-2012-1137","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1137"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1137"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g8bk-9bsd-p7bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69367?format=json","vulnerability_id":"VCID-gwdk-xf64-kuen","summary":"The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9656","reference_id":"","reference_type":"","scores":[{"value":"0.02359","scoring_system":"epss","scoring_elements":"0.85214","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191078","reference_id":"1191078","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191078"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9656"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gwdk-xf64-kuen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2261?format=json","vulnerability_id":"VCID-jqjv-gjbe-dbfg","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1126","reference_id":"","reference_type":"","scores":[{"value":"0.03091","scoring_system":"epss","scoring_elements":"0.87032","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1126"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800581","reference_id":"800581","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126","reference_id":"CVE-2012-1126","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1126"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1126"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqjv-gjbe-dbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2276?format=json","vulnerability_id":"VCID-kemx-zuam-uqab","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1141","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800602","reference_id":"800602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141","reference_id":"CVE-2012-1141","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1141"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1141"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kemx-zuam-uqab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6574?format=json","vulnerability_id":"VCID-keyh-yygz-y7ep","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8105","reference_id":"","reference_type":"","scores":[{"value":"0.00966","scoring_system":"epss","scoring_elements":"0.76919","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8105"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446500","reference_id":"1446500","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446500"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220","reference_id":"861220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861220"},{"reference_url":"https://security.archlinux.org/ASA-201705-10","reference_id":"ASA-201705-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-10"},{"reference_url":"https://security.archlinux.org/ASA-201705-7","reference_id":"ASA-201705-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-7"},{"reference_url":"https://security.archlinux.org/AVG-257","reference_id":"AVG-257","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-257"},{"reference_url":"https://security.archlinux.org/AVG-258","reference_id":"AVG-258","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-258"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4377?format=json","purl":"pkg:deb/debian/freetype@2.5.2-3%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.5.2-3%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5533?format=json","purl":"pkg:deb/debian/freetype@2.6.3-3.2%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8zjm-pmh1-p7a2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.6.3-3.2%252Bdeb9u1"}],"aliases":["CVE-2017-8105"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-keyh-yygz-y7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2271?format=json","vulnerability_id":"VCID-kwd7-sv6y-eyh8","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1136.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1136","reference_id":"","reference_type":"","scores":[{"value":"0.04956","scoring_system":"epss","scoring_elements":"0.89835","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1136"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800594","reference_id":"800594","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136","reference_id":"CVE-2012-1136","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1136"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1136"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kwd7-sv6y-eyh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69381?format=json","vulnerability_id":"VCID-nsas-gyxj-67g2","summary":"The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9660.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9660","reference_id":"","reference_type":"","scores":[{"value":"0.04649","scoring_system":"epss","scoring_elements":"0.89483","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191082","reference_id":"1191082","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191082"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9660"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsas-gyxj-67g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2267?format=json","vulnerability_id":"VCID-psxs-t1t2-bkba","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1132","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1132"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800590","reference_id":"800590","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132","reference_id":"CVE-2012-1132","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1132"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1132"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psxs-t1t2-bkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69374?format=json","vulnerability_id":"VCID-qpms-y8cx-dkdw","summary":"The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9658","reference_id":"","reference_type":"","scores":[{"value":"0.01688","scoring_system":"epss","scoring_elements":"0.82561","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191080","reference_id":"1191080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191080"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9658"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpms-y8cx-dkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69425?format=json","vulnerability_id":"VCID-r3y3-86vk-5fem","summary":"bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9675.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9675","reference_id":"","reference_type":"","scores":[{"value":"0.0141","scoring_system":"epss","scoring_elements":"0.80841","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9675"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191192","reference_id":"1191192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191192"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9675"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3y3-86vk-5fem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2274?format=json","vulnerability_id":"VCID-r47y-we15-pqg3","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1139.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1139","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1139"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800598","reference_id":"800598","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139","reference_id":"CVE-2012-1139","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1139"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1139"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r47y-we15-pqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69393?format=json","vulnerability_id":"VCID-rqa9-mp2r-g3cn","summary":"FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9664","reference_id":"","reference_type":"","scores":[{"value":"0.01169","scoring_system":"epss","scoring_elements":"0.78991","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191086","reference_id":"1191086","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191086"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9664"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rqa9-mp2r-g3cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69422?format=json","vulnerability_id":"VCID-tadq-59q1-z7gw","summary":"The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9674.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9674","reference_id":"","reference_type":"","scores":[{"value":"0.04311","scoring_system":"epss","scoring_elements":"0.89073","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9674"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191190","reference_id":"1191190","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191190"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9674"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tadq-59q1-z7gw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2275?format=json","vulnerability_id":"VCID-tvvd-q7nw-eyey","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1140","reference_id":"","reference_type":"","scores":[{"value":"0.02967","scoring_system":"epss","scoring_elements":"0.86758","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1140"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800600","reference_id":"800600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800600"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140","reference_id":"CVE-2012-1140","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1140"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1140"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvvd-q7nw-eyey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69401?format=json","vulnerability_id":"VCID-uuq4-51jp-fqfj","summary":"sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9667","reference_id":"","reference_type":"","scores":[{"value":"0.01771","scoring_system":"epss","scoring_elements":"0.82996","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191090","reference_id":"1191090","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9667"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuq4-51jp-fqfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69418?format=json","vulnerability_id":"VCID-uyr7-9j1h-eker","summary":"Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9673.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9673","reference_id":"","reference_type":"","scores":[{"value":"0.02793","scoring_system":"epss","scoring_elements":"0.86364","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191096","reference_id":"1191096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191096"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656","reference_id":"777656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656"},{"reference_url":"https://security.gentoo.org/glsa/201503-05","reference_id":"GLSA-201503-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201503-05"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0696","reference_id":"RHSA-2015:0696","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2014-9673"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyr7-9j1h-eker"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2279?format=json","vulnerability_id":"VCID-vx31-mywv-1fhr","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1144","reference_id":"","reference_type":"","scores":[{"value":"0.03525","scoring_system":"epss","scoring_elements":"0.87862","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800607","reference_id":"800607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144","reference_id":"CVE-2012-1144","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1144"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1144"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vx31-mywv-1fhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2277?format=json","vulnerability_id":"VCID-xxs6-891m-t3bm","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1142","reference_id":"","reference_type":"","scores":[{"value":"0.04956","scoring_system":"epss","scoring_elements":"0.89835","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1142"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800604","reference_id":"800604","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142","reference_id":"CVE-2012-1142","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1142"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1142"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxs6-891m-t3bm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2269?format=json","vulnerability_id":"VCID-z2q3-ejur-8uhb","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1134.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1134","reference_id":"","reference_type":"","scores":[{"value":"0.05858","scoring_system":"epss","scoring_elements":"0.90723","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1134"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800592","reference_id":"800592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134","reference_id":"CVE-2012-1134","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1134"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1134"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2q3-ejur-8uhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2278?format=json","vulnerability_id":"VCID-z66j-hvpb-9ydk","summary":"Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1143","reference_id":"","reference_type":"","scores":[{"value":"0.02148","scoring_system":"epss","scoring_elements":"0.8455","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1143"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864","reference_id":"662864","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=800606","reference_id":"800606","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=800606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143","reference_id":"CVE-2012-1143","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1143"},{"reference_url":"https://security.gentoo.org/glsa/201204-04","reference_id":"GLSA-201204-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201204-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21","reference_id":"mfsa2012-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0467","reference_id":"RHSA-2012:0467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0467"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4375?format=json","purl":"pkg:deb/debian/freetype@2.4.9-1.1%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3r2c-py99-3bbt"},{"vulnerability":"VCID-6bcv-2cx6-77es"},{"vulnerability":"VCID-8pge-za7q-8ugx"},{"vulnerability":"VCID-8zjm-pmh1-p7a2"},{"vulnerability":"VCID-keyh-yygz-y7ep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@2.4.9-1.1%252Bdeb7u3"}],"aliases":["CVE-2012-1143"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z66j-hvpb-9ydk"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freetype@1.2-3"}