Vulnerabilities > Freetype > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-22 | CVE-2022-27404 | Out-of-bounds Write vulnerability in multiple products FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. | 9.8 |
| 2019-07-30 | CVE-2015-9290 | Out-of-bounds Read vulnerability in Freetype In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | 9.8 |
| 2017-04-27 | CVE-2017-8287 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freetype FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | 9.8 |
| 2017-04-24 | CVE-2017-8105 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | 9.8 |
| 2017-04-14 | CVE-2017-7864 | Out-of-bounds Write vulnerability in Freetype FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | 9.8 |
| 2017-04-14 | CVE-2017-7858 | Out-of-bounds Write vulnerability in Freetype FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 9.8 |
| 2017-04-14 | CVE-2017-7857 | Out-of-bounds Write vulnerability in Freetype 2.7/2.7.0/2.7.1 FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c. | 9.8 |
| 2017-04-14 | CVE-2016-10328 | Out-of-bounds Write vulnerability in multiple products FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | 9.8 |
| 2016-06-07 | CVE-2014-9746 | Improper Input Validation vulnerability in multiple products The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. | 9.8 |