CVE-2016-10244

FreeType could be made to crash or run programs if it opened a specially crafted font file ...

Several vulnerabilities were discovered in Freetype Opening malformed fonts may result in denial of service or the execution of arbitrary code For the stable distribution (jessie), these problems have been fixed in version 252-3+deb8u2 We recommend that you upgrade your freetype packages ...

Debian Bug report logs - #856971 freetype: CVE-2016-10244 Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 6 Mar 2017 19:24:01 UTC Severity: important Tags: patch, security, upstream Found in version fre ...

Debian Bug report logs - #861308 freetype: CVE-2017-8287: out-of-bounds write via t1_builder_close_contour function Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Apr 2017 09:21:01 UTC Severity: grave ...

Debian Bug report logs - #861220 freetype: CVE-2017-8105 Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 26 Apr 2017 06:24:01 UTC Severity: grave Tags: patch, security, upstream Found in versions freetyp ...

The parse_charstrings function in type1/t1loadc in FreeType 2 before 27 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file ...