Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

freetype freetype 2.3.8 vulnerabilities and exploits

(subscribe to this query)
828
VMScore
CVE-2010-3311
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType prior to 2.4 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a ...
Freetype Freetype 2.3.6Freetype Freetype 2.1.9Freetype Freetype 2.1.10Freetype Freetype 2.3.4Freetype Freetype 2.3.5Freetype Freetype 2.1Freetype Freetype 2.1.5Freetype Freetype 2.3.10Freetype FreetypeFreetype Freetype 1.3.1Freetype Freetype 2.1.8Freetype Freetype 2.2.10Freetype Freetype 2.2.1Freetype Freetype 2.1.3Freetype Freetype 2.3.3Freetype Freetype 2.1.6Freetype Freetype 2.3.0Freetype Freetype 2.3.1Freetype Freetype 2.0.9Freetype Freetype 2.3.7Freetype Freetype 2.0.6Freetype Freetype 2.3.8
605
VMScore
CVE-2010-3814
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and previous versions allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, a...
Freetype Freetype 2.1.8Freetype Freetype 2.1.3Freetype Freetype 2.4.1Freetype Freetype 2.4.2Freetype Freetype 2.3.12Freetype Freetype 2.3.11Freetype Freetype 2.1.6Freetype Freetype 2.3.9Freetype Freetype 2.2.1Freetype Freetype 2.0.6Freetype Freetype 2.3.2Freetype Freetype 2.4.0Freetype Freetype 1.3.1Freetype FreetypeFreetype Freetype 2.3.4Freetype Freetype 2.3.3Freetype Freetype 2.1.7Freetype Freetype 2.1.4Freetype Freetype 2.2.10Freetype Freetype 2.3.6Freetype Freetype 2.3.5Freetype Freetype 2.3.1
605
VMScore
CVE-2010-3855
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and previous versions allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Freetype Freetype 2.4.0Freetype Freetype 2.4.2Freetype Freetype 2.3.6Freetype Freetype 2.1.9Freetype Freetype 2.1.10Freetype Freetype 2.3.4Freetype Freetype 2.3.5Freetype Freetype 2.1Freetype Freetype 2.1.5Freetype Freetype 2.3.10Freetype Freetype 1.3.1Freetype Freetype 2.1.8Freetype Freetype 2.2.10Freetype Freetype 2.2.1Freetype Freetype 2.1.3Freetype Freetype 2.3.3Freetype Freetype 2.1.6Freetype Freetype 2.3.0Freetype Freetype 2.3.1Freetype FreetypeFreetype Freetype 2.4.1Freetype Freetype 2.0.9
383
VMScore
CVE-2010-3053
bdf/bdflib.c in FreeType prior to 2.4.2 allows remote malicious users to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
Freetype Freetype 2.0.6Freetype Freetype 2.0.9Freetype Freetype 2.1Freetype Freetype 2.1.8Freetype Freetype 1.3.1Freetype Freetype 2.1.7Freetype Freetype 2.3.0Freetype Freetype 2.3.1Freetype Freetype 2.3.8Freetype Freetype 2.3.9Freetype Freetype 2.1.5Freetype Freetype 2.1.6Freetype Freetype 2.2.1Freetype Freetype 2.2.10Freetype Freetype 2.3.6Freetype Freetype 2.3.7Freetype Freetype 2.1.9Freetype Freetype 2.3.2Freetype Freetype 2.3.3Freetype Freetype 2.3.10Freetype Freetype 2.3.11Freetype Freetype 2.3.12
383
VMScore
CVE-2012-5669
The _bdf_parse_glyphs function in FreeType prior to 2.4.11 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
Freetype Freetype 2.4.0Freetype Freetype 2.4.4Freetype Freetype 2.3.9Freetype Freetype 2.3.8Freetype Freetype 2.3.10Freetype Freetype 2.3.1Freetype Freetype 2.1.8Freetype Freetype 2.0.4Freetype Freetype 2.0.5Freetype Freetype 2.0.6Freetype Freetype 1.3.1Freetype Freetype 2.4.9Freetype FreetypeFreetype Freetype 2.4.5Freetype Freetype 2.4.3Freetype Freetype 2.3.4Freetype Freetype 2.3.3Freetype Freetype 2.3.12Freetype Freetype 2.3.11Freetype Freetype 2.1.7Freetype Freetype 2.1.6Freetype Freetype 2.1
383
VMScore
CVE-2012-5668
FreeType prior to 2.4.11 allows context-dependent malicious users to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
Freetype Freetype 2.4.3Freetype Freetype 2.4.0Freetype Freetype 2.3.4Freetype Freetype 2.3.3Freetype Freetype 2.3.9Freetype Freetype 2.3.11Freetype Freetype 2.3.10Freetype Freetype 2.1.6Freetype Freetype 2.1.8Freetype Freetype 2.0.3Freetype Freetype 2.0.4Freetype Freetype 2.0.9Freetype Freetype 2.0.6Freetype Freetype 2.4.9Freetype Freetype 2.4.7Freetype Freetype 2.4.1Freetype Freetype 2.3.6Freetype Freetype 2.3.2Freetype Freetype 2.2.0Freetype Freetype 2.2.1Freetype Freetype 2.1.3Freetype Freetype 2.1.10
383
VMScore
CVE-2012-5670
The _bdf_parse_glyphs function in FreeType prior to 2.4.11 allows context-dependent malicious users to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
Freetype Freetype 2.4.4Freetype Freetype 2.4.8Freetype Freetype 2.3.8Freetype Freetype 2.3.7Freetype Freetype 2.3.1Freetype Freetype 2.3.0Freetype Freetype 2.1.8Freetype Freetype 2.1.3Freetype Freetype 2.0.5Freetype Freetype 2.0.7Freetype Freetype 1.3.1Freetype Freetype 2.4.3Freetype Freetype 2.4.0Freetype Freetype 2.3.3Freetype Freetype 2.3.9Freetype Freetype 2.3.11Freetype Freetype 2.3.10Freetype Freetype 2.1.6Freetype Freetype 2.0.3Freetype Freetype 2.0.4Freetype Freetype 2.0.9Freetype Freetype 2.0.6
668
VMScore
CVE-2014-2240
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType prior to 2.5.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.
Freetype Freetype 2.5.1Freetype FreetypeFreetype Freetype 2.0.6Freetype Freetype 2.0.7Freetype Freetype 2.1.5Freetype Freetype 2.4.12Freetype Freetype 2.5Freetype Freetype 2.0.3Freetype Freetype 2.0.4Freetype Freetype 2.0.5Freetype Freetype 2.1.3Freetype Freetype 2.1.4Freetype Freetype 2.1.9Freetype Freetype 2.2.0Freetype Freetype 2.3.2Freetype Freetype 2.3.3Freetype Freetype 2.3.4Freetype Freetype 2.4.1Freetype Freetype 2.4.10Freetype Freetype 2.4.7Freetype Freetype 2.4.8Freetype Freetype 2.0.1
828
VMScore
CVE-2012-1127
FreeType prior to 2.4.9, as used in Mozilla Firefox Mobile prior to 10.0.4 and other products, allows remote malicious users to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a B...
Freetype Freetype 2.0.3Freetype Freetype 2.4.0Freetype Freetype 2.4.2Mozilla Firefox Mobile 4.0Freetype Freetype 2.3.6Freetype FreetypeFreetype Freetype 2.1.9Freetype Freetype 2.1.10Freetype Freetype 2.3.4Freetype Freetype 2.0.1Freetype Freetype 2.3.5Mozilla Firefox Mobile 8.0Mozilla Firefox Mobile 10.0.1Mozilla Firefox Mobile 7.0Freetype Freetype 2.1Freetype Freetype 2.1.5Freetype Freetype 2.3.10Mozilla Firefox Mobile 10.0.2Freetype Freetype 1.3.1Mozilla Firefox Mobile 6.0.2Freetype Freetype 2.4.4Freetype Freetype 2.4.6
828
VMScore
CVE-2012-1128
FreeType prior to 2.4.9, as used in Mozilla Firefox Mobile prior to 10.0.4 and other products, allows remote malicious users to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
Mozilla Firefox Mobile 10.0.2Mozilla Firefox Mobile 7.0Mozilla Firefox Mobile 6.0.2Mozilla Firefox Mobile 4.0Mozilla Firefox Mobile 1.0Freetype Freetype 2.4.7Freetype Freetype 2.4.6Freetype Freetype 2.4.0Freetype Freetype 2.3.12Freetype Freetype 2.3.4Freetype Freetype 2.4.4Freetype Freetype 2.1.10Freetype Freetype 2.1.5Freetype Freetype 2.0.5Freetype Freetype 2.0.4Freetype Freetype 2.0.3Mozilla Firefox Mobile 9.0Mozilla Firefox Mobile 8.0Freetype Freetype 2.1.8Freetype Freetype 2.3.5Freetype Freetype 2.3.6Freetype Freetype 2.3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook