pkg:Debian/freetype
126 total CVEs: CRITICAL 8, HIGH 12, MEDIUM 8
All known vulnerabilities
- from 0, < 2.10.4+dfsg-1+deb11u2
- from 0, < 2.10.4+dfsg-1+deb11u2
- from 0, < 2.12.1+dfsg-5+deb12u4
- from 0, < 2.10.2+dfsg-4
- from 0, < 2.9.1-3+deb10u2
- from 0, < 2.6.3-3.2+deb9u2
- CRITICAL 9.8 | CVE-2022-27404 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | from 0, < 2.10.4+dfsg-1+deb11u1
- from 0, < 2.5.2-3+deb8u3
- from 0, < 2.6.1-0.1
- from 0, < 2.4.9-1.1+deb7u7
- from 0, < 2.6.3-3.2
- from 0, < 2.6.3-3.2
- from 0, < 2.4.9-1.1+deb7u6
- CRITICAL 9.8 | CVE-2014-9746 | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix fun… | from 0, < 2.6-1
- from 0, < 2.5.2-3+deb8u4
- from 0, < 2.6.1-0.1
- HIGH 7.8 | CVE-2022-31782 | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | from 0
- from 0, < 2.6.3-3.1
- from 0, < 2.4.9-1.1+deb7u4
- from 0, < 2.5.2-3+deb8u2
- HIGH 7.5 | CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Siz… | from 0, < 2.10.4+dfsg-1+deb11u1
- HIGH 7.5 | CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Reque… | from 0, < 2.10.4+dfsg-1+deb11u1
- HIGH 7.5 | CVE-2014-9747 | The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-… | from 0, < 2.6-1
- MEDIUM 6.5 | CVE-2015-9383 | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | from 0, < 2.6.3-1
- MEDIUM 6.5 | CVE-2015-9382 | FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_M… | from 0, < 2.6.1-0.1
- from 0, < 2.9.1-3
- from 0, < 2.13.3+dfsg-1+deb13u1
- from 0, < 2.13.3+dfsg-1+deb13u1
- from 0, < 2.6-1
- from 0, < 2.4.2-2.1+squeeze6
- from 0, < 2.4.9-1.1+deb7u2
- — | CVE-2014-9675 | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote… | from 0, < 2.5.2-3
- from 0, < 2.5.2-3
- from 0, < 2.4.9-1.1+deb7u3
- — | CVE-2014-9673 | Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause… | from 0, < 2.5.2-3
- — | CVE-2014-9672 | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service… | from 0, < 2.5.2-3
- — | CVE-2014-9671 | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of… | from 0, < 2.5.2-3
- — | CVE-2014-9670 | Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to ca… | from 0, < 2.5.2-3
- — | CVE-2014-9669 | Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds rea… | from 0, < 2.5.2-3
- — | CVE-2014-9668 | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length v… | from 0, < 2.5.2-3
- — | CVE-2014-9667 | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attacke… | from 0, < 2.5.2-3
- — | CVE-2014-9666 | The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting t… | from 0, < 2.5.2-3
- — | CVE-2014-9665 | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows… | from 0, < 2.5.2-3
- — | CVE-2014-9664 | FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denia… | from 0, < 2.5.2-3
- — | CVE-2014-9663 | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is comp… | from 0, < 2.5.2-3
- — | CVE-2014-9662 | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to ca… | from 0, < 2.5.2-3
- — | CVE-2014-9661 | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remo… | from 0, < 2.5.2-3
- — | CVE-2014-9660 | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows rem… | from 0, < 2.5.2-3
- — | CVE-2014-9659 | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been compu… | from 0, < 2.5.2-3
- — | CVE-2014-9658 | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote at… | from 0, < 2.5.2-3
- — | CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote… | from 0, < 2.5.2-3
- from 0, < 2.4.2-2.1+squeeze5
- from 0, < 2.4.9-1.1+deb7u1
- from 0, < 2.5.2-3
- — | CVE-2014-2241 | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly chec… | from 0, < 2.5.2-1.1
- — | CVE-2014-2240 | Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a… | from 0, < 2.5.2-1.1
- — | CVE-2012-5670 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds wri… | from 0, < 2.4.9-1.1
- — | CVE-2012-5669 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possib… | from 0, < 2.4.9-1.1
- — | CVE-2012-5668 | FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors rel… | from 0, < 2.4.9-1.1
- — | CVE-2012-1144 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1143 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1142 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1141 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1140 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1139 | Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to… | from 0, < 2.4.9-1
- — | CVE-2012-1138 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1137 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1136 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1135 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1134 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- from 0, < 2.4.2-2.1+squeeze4
- from 0, < 2.4.9-1
- — | CVE-2012-1132 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1131 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to c… | from 0, < 2.4.9-1
- — | CVE-2012-1130 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1129 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1128 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1127 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- — | CVE-2012-1126 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser… | from 0, < 2.4.9-1
- from 0, < 2.3.7-2+lenny8
- from 0, < 2.4.8-1
- from 0, < 2.3.7-2+lenny7
- from 0, < 2.4.7-1
- from 0, < 2.4.6-1
- from 0, < 2.3.7-2+lenny6
- from 0, < 2.4.0-1
- from 0, < 2.3.7-2+lenny4
- — | CVE-2010-3855 | Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to caus… | from 0, < 2.4.2-2.1
- from 0, < 2.4.2-2.1
- from 0, < 2.3.7-2+lenny5
- — | CVE-2010-3054 | Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vect… | from 0, < 2.4.2-1
- — | CVE-2010-3053 | bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file,… | from 0, < 2.4.2-1
- — | CVE-2010-2808 | Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial… | from 0, < 2.4.2-1
- — | CVE-2010-2807 | FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service… | from 0, < 2.4.2-1
- — | CVE-2010-2806 | Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial o… | from 0, < 2.4.2-1
- — | CVE-2010-2805 | The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which all… | from 0, < 2.4.2-1
- — | CVE-2010-2541 | Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (app… | from 0, < 2.4.2-1
- — | CVE-2010-2527 | Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash)… | from 0, < 2.4.0-1
- — | CVE-2010-2520 | Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabl… | from 0, < 2.4.0-1
- — | CVE-2010-2519 | Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to caus… | from 0, < 2.4.0-1
- — | CVE-2010-2500 | Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of… | from 0, < 2.4.0-1
- — | CVE-2010-2499 | Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial… | from 0, < 2.4.0-1
- — | CVE-2010-2498 | The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which a… | from 0, < 2.4.0-1
- from 0, < 2.4.0-1
- from 0, < 2.3.7-2+lenny2
- from 0, < 2.4.2-1
- from 0, < 2.3.7-2+lenny3
- from 0, < 2.2.1-5+etch4
- from 0, < 2.3.9-4.1
- — | CVE-2008-1807 | FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font… | from 0, < 2.3.6-1
- — | CVE-2008-1808 | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in… | from 0, < 2.3.6-1
- from 0, < 2.2.1-5+etch3
- from 0, < 2.3.5-1+lenny1
- from 0, < 2.3.6-1
- — | CVE-2007-3506 | The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of servic… | from 0, < 2.3.4
- from 0, < 2.2.1-5+etch1
- from 0, < 2.2.1-6
- from 0, < 2.1.7-8
- from 0, < 2.2.1-5+etch2
- from 0, < 2.3.5-1
- from 0, < 2.2.1-5
- from 0, < 2.1.7-6
- — | CVE-2006-2661 | ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null d… | from 0, < 2.2.1-1
- from 0, < 2.0.9-1woody1
- — | CVE-2006-1861 | Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrar… | from 0, < 2.2.1-1
- from 0, < 2.2.1-1