Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freetype vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType prior to 2.5.3 allows remote malicious users to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
Freetype Freetype
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Opensuse Opensuse 13.1
445
VMScore
CVE-2014-9675
bdf/bdflib.c in FreeType prior to 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote malicious users to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
Freetype Freetype
Debian Debian Linux 7.0
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Eus 6.6.z
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 7.0
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
445
VMScore
CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions prior to 2.4.2, allows remote malicious users to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode....
Freetype Freetype 2.3.9
Freetype Freetype 2.3.10
Freetype Freetype 2.4.0
Freetype Freetype 2.4.1
Freetype Freetype 2.3.11
Freetype Freetype 2.3.12
385
VMScore
CVE-2020-15999
Heap buffer overflow in Freetype in Google Chrome before 86.0.4240.111 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Freetype Freetype
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Opensuse Backports Sle 15.0
7 Github repositories
3 Articles
383
VMScore
CVE-2015-9383
FreeType prior to 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
Freetype Freetype
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
383
VMScore
CVE-2015-9382
FreeType prior to 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
Freetype Freetype
Debian Debian Linux 8.0
383
VMScore
CVE-2018-6942
An issue exists in FreeType 2 up to and including 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
Freetype Freetype
Canonical Ubuntu Linux 17.10
383
VMScore
CVE-2017-14989
A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows malicious users to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.
Imagemagick Imagemagick 7.0.7-4
383
VMScore
CVE-2014-9671
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType prior to 2.5.4 allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incre...
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
Redhat Enterprise Linux Server Eus 6.6.z
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Hpc Node 6
Redhat Enterprise Linux Desktop 6.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
Oracle Solaris 10.0
Oracle Solaris 11.2
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Freetype Freetype
383
VMScore
CVE-2014-9670
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType prior to 2.5.4 allow remote malicious users to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies neg...
Debian Debian Linux 7.0
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Oracle Solaris 10.0
Oracle Solaris 11.2
Redhat Enterprise Linux Server Eus 6.6.z
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Hpc Node 6
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server Eus 7.1
Redhat Enterprise Linux Hpc Node Eus 7.1
Redhat Enterprise Linux Workstation 7.0
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »