VulnerableCode Package Details - pkg:deb/debian/freetype@2.9.1-3%2Bdeb10u3

Search for packages

Vulnerability	Summary	Fixed by
VCID-13a9-rqnw-ukf1 Aliases: CVE-2020-15999 GHSA-pv36-h7jh-qm62	In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.	2.10.4+dfsg-1+deb11u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-5pbn-p8wu-n3bt Aliases: CVE-2022-27404	FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.	2.10.4+dfsg-1+deb11u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-61ee-ck9d-nug1 Aliases: CVE-2022-27406	FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.	2.10.4+dfsg-1+deb11u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-abqn-f785-3ydv Aliases: CVE-2022-27405	FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.	2.10.4+dfsg-1+deb11u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yt26-14rb-hfet Aliases: CVE-2025-27363	An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.	2.12.1+dfsg-5+deb12u4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-13a9-rqnw-ukf1
Aliases:
CVE-2020-15999
GHSA-pv36-h7jh-qm62

In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.*Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.*

2.10.4+dfsg-1+deb11u1
Affected by 2 other vulnerabilities.

VCID-5pbn-p8wu-n3bt
Aliases:
CVE-2022-27404

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

2.10.4+dfsg-1+deb11u1
Affected by 2 other vulnerabilities.

VCID-61ee-ck9d-nug1
Aliases:
CVE-2022-27406

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

2.10.4+dfsg-1+deb11u1
Affected by 2 other vulnerabilities.

VCID-abqn-f785-3ydv
Aliases:
CVE-2022-27405

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

2.10.4+dfsg-1+deb11u1
Affected by 2 other vulnerabilities.

VCID-yt26-14rb-hfet
Aliases:
CVE-2025-27363

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

2.12.1+dfsg-5+deb12u4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-13a9-rqnw-ukf1	In Freetype, if PNG images were embedded into fonts, the Load_SBit_Png function contained an integer overflow that led to a heap buffer overflow, memory corruption, and an exploitable crash.Note: While Project Zero did discover instances of this vulnerability being exploited in the wild against Chrome, in Firefox this vulnerability is only triggerable if a rarely-used, hidden preference is toggled, and only affected Linux and Android operating systems. Other operating systems are unaffected; and Linux and Android are unaffected in the default configuration.	CVE-2020-15999 GHSA-pv36-h7jh-qm62
VCID-xxdy-qcnu-23cn	An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.	CVE-2018-6942

Vulnerability

Summary

Aliases

VCID-13a9-rqnw-ukf1

CVE-2020-15999
GHSA-pv36-h7jh-qm62

VCID-xxdy-qcnu-23cn

An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

CVE-2018-6942

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:49:39.390851+00:00	Debian Oval Importer	Affected by	VCID-yt26-14rb-hfet	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:12:22.168974+00:00	Debian Oval Importer	Fixing	VCID-xxdy-qcnu-23cn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:56:04.283650+00:00	Debian Oval Importer	Affected by	VCID-61ee-ck9d-nug1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:23:27.838220+00:00	Debian Oval Importer	Affected by	VCID-13a9-rqnw-ukf1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:57:16.873890+00:00	Debian Oval Importer	Affected by	VCID-5pbn-p8wu-n3bt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:33:27.985677+00:00	Debian Oval Importer	Affected by	VCID-abqn-f785-3ydv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:43:08.494072+00:00	Debian Oval Importer	Fixing	VCID-13a9-rqnw-ukf1	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0