FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
Max CVSS
9.8
EPSS Score
0.88%
Published
2022-04-22
Updated
2024-02-29
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Max CVSS
9.8
EPSS Score
0.95%
Published
2017-04-27
Updated
2021-01-26
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
Max CVSS
9.8
EPSS Score
1.18%
Published
2017-04-24
Updated
2021-01-26
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
Max CVSS
9.8
EPSS Score
0.91%
Published
2017-04-14
Updated
2021-01-26
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Max CVSS
9.8
EPSS Score
1.35%
Published
2017-04-14
Updated
2021-01-26
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
Max CVSS
9.8
EPSS Score
0.91%
Published
2017-04-14
Updated
2021-01-26
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Max CVSS
9.8
EPSS Score
0.93%
Published
2017-04-14
Updated
2021-03-26
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again.
Max CVSS
9.8
EPSS Score
0.62%
Published
2019-07-30
Updated
2019-08-15
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.
Max CVSS
9.8
EPSS Score
2.55%
Published
2016-06-07
Updated
2018-07-19
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
Max CVSS
9.3
EPSS Score
5.49%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
Max CVSS
9.3
EPSS Score
4.73%
Published
2012-04-25
Updated
2023-02-13
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2021-01-26
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
Max CVSS
9.3
EPSS Score
5.49%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2021-01-26
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
Max CVSS
9.3
EPSS Score
5.49%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2021-01-26
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2023-02-13
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
Max CVSS
9.3
EPSS Score
5.24%
Published
2012-04-25
Updated
2021-01-26
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
Max CVSS
9.3
EPSS Score
5.14%
Published
2012-04-25
Updated
2021-01-26
30 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!