from 0, < 2.10.4+dfsg-1+deb11u2
from 0, < 2.10.4+dfsg-1+deb11u2
HIGH8.1⚠ KEVfreetype - security update
from 0, < 2.12.1+dfsg-5+deb12u4
MEDIUM6.5⚠ KEVfreetype - security update
from 0, < 2.10.2+dfsg-4
MEDIUM6.5⚠ KEVfreetype - security update
from 0, < 2.9.1-3+deb10u2
MEDIUM6.5⚠ KEVfreetype - security update
from 0, < 2.6.3-3.2+deb9u2
CRITICAL9.8FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
from 0, < 2.10.4+dfsg-1+deb11u1
CRITICAL9.8freetype - security update
from 0, < 2.5.2-3+deb8u3
CRITICAL9.8freetype - security update
from 0, < 2.6.1-0.1
CRITICAL9.8freetype - security update
from 0, < 2.4.9-1.1+deb7u7
CRITICAL9.8freetype - security update
from 0, < 2.6.3-3.2
CRITICAL9.8freetype - security update
from 0, < 2.6.3-3.2
CRITICAL9.8freetype - security update
from 0, < 2.4.9-1.1+deb7u6
CRITICAL9.8The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix fun…
from 0, < 2.6-1
HIGH8.8freetype - security update
from 0, < 2.5.2-3+deb8u4
HIGH8.8freetype - security update
from 0, < 2.6.1-0.1
HIGH7.8ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
from 0
HIGH7.8freetype - security update
from 0, < 2.6.3-3.1
HIGH7.8freetype - security update
from 0, < 2.4.9-1.1+deb7u4
HIGH7.8freetype - security update
from 0, < 2.5.2-3+deb8u2
HIGH7.5FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Siz…
from 0, < 2.10.4+dfsg-1+deb11u1
HIGH7.5FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Reque…
from 0, < 2.10.4+dfsg-1+deb11u1
HIGH7.5The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-…
from 0, < 2.6-1
MEDIUM6.5FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
from 0, < 2.6.3-1
MEDIUM6.5FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_M…
from 0, < 2.6.1-0.1
MEDIUM6.5An issue was discovered in FreeType 2 through 2.9.
from 0, < 2.9.1-3
MEDIUM5.3freetype - security update
from 0, < 2.13.3+dfsg-1+deb13u1
MEDIUM5.3freetype - security update
from 0, < 2.13.3+dfsg-1+deb13u1
—freetype - security update
from 0, < 2.6-1
—freetype - security update
from 0, < 2.4.2-2.1+squeeze6
—freetype - security update
from 0, < 2.4.9-1.1+deb7u2
—bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote…
from 0, < 2.5.2-3
—freetype - security update
from 0, < 2.5.2-3
—freetype - security update
from 0, < 2.4.9-1.1+deb7u3
—Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause…
from 0, < 2.5.2-3
—Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service…
from 0, < 2.5.2-3
—Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of…
from 0, < 2.5.2-3
—Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to ca…
from 0, < 2.5.2-3
—Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds rea…
from 0, < 2.5.2-3
—The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length v…
from 0, < 2.5.2-3
—sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attacke…
from 0, < 2.5.2-3
—The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting t…
from 0, < 2.5.2-3
—The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows…
from 0, < 2.5.2-3
—FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denia…
from 0, < 2.5.2-3
—The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is comp…
from 0, < 2.5.2-3
—cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to ca…
from 0, < 2.5.2-3
—type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remo…
from 0, < 2.5.2-3
—The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows rem…
from 0, < 2.5.2-3
—cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been compu…
from 0, < 2.5.2-3
—The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote at…
from 0, < 2.5.2-3
—The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote…
from 0, < 2.5.2-3
—freetype - security update
from 0, < 2.4.2-2.1+squeeze5
—freetype - security update
from 0, < 2.4.9-1.1+deb7u1
—freetype - security update
from 0, < 2.5.2-3
—The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly chec…
from 0, < 2.5.2-1.1
—Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a…
from 0, < 2.5.2-1.1
—The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds wri…
from 0, < 2.4.9-1.1
—The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possib…
from 0, < 2.4.9-1.1
—FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors rel…
from 0, < 2.4.9-1.1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—freetype - several
from 0, < 2.4.2-2.1+squeeze4
—freetype - several
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to c…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of ser…
from 0, < 2.4.9-1
—freetype - missing input sanitising
from 0, < 2.3.7-2+lenny8
—freetype - missing input sanitising
from 0, < 2.4.8-1
—freetype - missing input sanitising
from 0, < 2.3.7-2+lenny7
—freetype - missing input sanitising
from 0, < 2.4.7-1
—freetype - missing input sanitization
from 0, < 2.4.6-1
—freetype - missing input sanitization
from 0, < 2.3.7-2+lenny6
—freetype - integer overflow
from 0, < 2.4.0-1
—freetype - integer overflow
from 0, < 2.3.7-2+lenny4
—Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to caus…
from 0, < 2.4.2-2.1
—freetype - several
from 0, < 2.4.2-2.1
—freetype - several
from 0, < 2.3.7-2+lenny5
—Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vect…
from 0, < 2.4.2-1
—bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file,…
from 0, < 2.4.2-1
—Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial…
from 0, < 2.4.2-1
—FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service…
from 0, < 2.4.2-1
—Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial o…
from 0, < 2.4.2-1
—The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which all…
from 0, < 2.4.2-1
—Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (app…
from 0, < 2.4.2-1
—Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash)…
from 0, < 2.4.0-1
—Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabl…
from 0, < 2.4.0-1
—Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to caus…
from 0, < 2.4.0-1