) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:freetype:freetype:2.6.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-27406 |
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Published: April 22, 2022; 10:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-27405 |
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Published: April 22, 2022; 10:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2022-27404 |
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Published: April 22, 2022; 10:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-15999 |
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 02, 2020; 10:15:14 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9383 |
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. Published: September 03, 2019; 1:15:10 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-6942 |
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file. Published: February 13, 2018; 12:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-8287 |
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. Published: April 26, 2017; 8:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-8105 |
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. Published: April 24, 2017; 2:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-7864 |
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-7858 |
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2017-7857 |
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-10328 |
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. Published: April 14, 2017; 12:59:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-10244 |
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. Published: March 06, 2017; 1:59:00 AM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |