VulnerableCode Package Details - pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2

Search for packages

Package details: pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2

Essentials
History (0)

purl	pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2

Next non-vulnerable version	2.10.1-2ubuntu0.1
Latest non-vulnerable version	2.10.1-2ubuntu0.1
Risk	10.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-9zes-c5mb-aaaj Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62	Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2.10.1-2ubuntu0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (4)

Vulnerability	Summary	Aliases
VCID-13zd-edqz-aaaf	In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.	CVE-2015-9290
VCID-cpmd-zxd4-aaag	FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.	CVE-2015-9382
VCID-fx3b-852a-aaag	FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.	CVE-2015-9381
VCID-wyjf-w4nz-aaaa	FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.	CVE-2015-9383

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version