National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 71 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2012-1132

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.

Published: April 25, 2012; 06:10:18 AM -04:00
V2: 9.3 HIGH
CVE-2012-1131

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.

Published: April 25, 2012; 06:10:18 AM -04:00
V2: 9.3 HIGH
CVE-2012-1130

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.

Published: April 25, 2012; 06:10:18 AM -04:00
V2: 9.3 HIGH
CVE-2012-1129

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.

Published: April 25, 2012; 06:10:18 AM -04:00
V2: 9.3 HIGH
CVE-2012-1128

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

Published: April 25, 2012; 06:10:18 AM -04:00
V2: 9.3 HIGH
CVE-2012-1127

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

Published: April 25, 2012; 06:10:17 AM -04:00
V2: 9.3 HIGH
CVE-2012-1126

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.

Published: April 25, 2012; 06:10:17 AM -04:00
V2: 10.0 HIGH
CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

Published: July 19, 2011; 06:55:00 PM -04:00
V2: 9.3 HIGH
CVE-2010-3311

Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.

Published: January 07, 2011; 06:00:18 PM -05:00
V2: 9.3 HIGH
CVE-2010-3855

Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.

Published: November 26, 2010; 03:00:03 PM -05:00
V2: 6.8 MEDIUM
CVE-2010-3814

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.

Published: November 26, 2010; 03:00:02 PM -05:00
V2: 6.8 MEDIUM
CVE-2010-3053

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.

Published: August 19, 2010; 02:00:06 PM -04:00
V2: 4.3 MEDIUM
CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Published: August 19, 2010; 02:00:05 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 02:00:05 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

Published: August 19, 2010; 02:00:05 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 02:00:04 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 02:00:04 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2527

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 02:00:04 PM -04:00
V2: 6.8 MEDIUM
CVE-2010-2520

Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 02:00:04 PM -04:00
V2: 5.1 MEDIUM
CVE-2010-2519

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.

Published: August 19, 2010; 02:00:04 PM -04:00
V2: 6.8 MEDIUM