Vulnerabilities > Freetype > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-22 | CVE-2022-27405 | Out-of-bounds Read vulnerability in multiple products FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | 7.5 |
| 2022-04-22 | CVE-2022-27406 | Out-of-bounds Read vulnerability in multiple products FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | 7.5 |
| 2019-09-03 | CVE-2015-9381 | Out-of-bounds Read vulnerability in multiple products FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | 8.8 |
| 2017-03-06 | CVE-2016-10244 | Out-of-bounds Read vulnerability in multiple products The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | 7.8 |
| 2016-06-07 | CVE-2014-9747 | Resource Management Errors vulnerability in multiple products The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. | 7.5 |