Vulnerabilities > Freetype > Freetype > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-14 | CVE-2017-7857 | Out-of-bounds Write vulnerability in Freetype FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 7.5 |
2017-04-14 | CVE-2016-10328 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 7.5 |
2017-03-06 | CVE-2016-10244 | Out-of-bounds Read vulnerability in multiple products The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | 6.8 |
2014-03-12 | CVE-2014-2240 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freetype Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file. | 7.5 |