Known Vulnerabilities for products from Freetype
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Freetype".
These CVEs are retrieved by exact match on listed vendor information (CPE data) and by keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit hea... | 6.5 - MEDIUM | 2020-11-03 | 2024-01-15 |
| CVE-2018-6942 | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttint... | 6.5 - MEDIUM | 2018-02-13 | 2021-01-26 |
| CVE-2017-8287 | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_clos... | 9.8 - CRITICAL | 2017-04-27 | 2021-01-26 |
| CVE-2017-8105 | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_pars... | 9.8 - CRITICAL | 2017-04-24 | 2021-01-26 |
| CVE-2017-7864 | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset f... | 9.8 - CRITICAL | 2017-04-14 | 2021-01-26 |
| CVE-2017-7858 | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the s... | 9.8 - CRITICAL | 2017-04-14 | 2021-01-26 |
| CVE-2017-7857 | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var f... | 9.8 - CRITICAL | 2017-04-14 | 2021-01-26 |
| CVE-2016-10328 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run ... | 9.8 - CRITICAL | 2017-04-14 | 2021-03-26 |
| CVE-2016-10244 | The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, ... | 7.8 - HIGH | 2017-03-06 | 2021-01-26 |
| CVE-2015-9383 | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. | 6.5 - MEDIUM | 2019-09-03 | 2023-02-23 |
| CVE-2015-9382 | FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled ... | 6.5 - MEDIUM | 2019-09-03 | 2019-09-10 |
| CVE-2015-9381 | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | 8.8 - HIGH | 2019-09-03 | 2019-09-10 |
| CVE-2015-9290 | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no chec... | 9.8 - CRITICAL | 2019-07-30 | 2023-11-07 |
| CVE-2014-9747 | The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position f... | 7.5 - HIGH | 2016-06-07 | 2016-06-08 |
| CVE-2014-9746 | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_f... | 9.8 - CRITICAL | 2016-06-07 | 2018-07-19 |
| CVE-2014-9745 | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (... | 5 - MEDIUM | 2015-09-14 | 2018-10-30 |
| CVE-2014-9675 | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which... | 5 - MEDIUM | 2015-02-08 | 2018-10-30 |
| CVE-2014-9674 | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without v... | 7.5 - HIGH | 2015-02-08 | 2018-10-30 |
| CVE-2014-9673 | Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attac... | 6.8 - MEDIUM | 2015-02-08 | 2018-10-30 |
| CVE-2014-9672 | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a deni... | 5.8 - MEDIUM | 2015-02-08 | 2018-10-30 |