| Bug | Description |
|---|
| CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ... |
| CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ... |
| CVE-2022-27404 | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ... |
| CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 ... |
| CVE-2018-6942 | An issue was discovered in FreeType 2 through 2.9. A NULL pointer dere ... |
| CVE-2017-8287 | FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a he ... |
| CVE-2017-8105 | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a he ... |
| CVE-2017-7864 | FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a he ... |
| CVE-2017-7858 | FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ... |
| CVE-2017-7857 | FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a he ... |
| CVE-2016-10328 | FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a he ... |
| CVE-2016-10244 | The parse_charstrings function in type1/t1load.c in FreeType 2 before ... |
| CVE-2015-9383 | FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_v ... |
| CVE-2015-9382 | FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/ ... |
| CVE-2015-9381 | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Priv ... |
| CVE-2015-9290 | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c ... |
| CVE-2014-9747 | The t42_parse_encoding function in type42/t42parse.c in FreeType befor ... |
| CVE-2014-9746 | The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse ... |
| CVE-2014-9745 | The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ... |
| CVE-2014-9675 | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by onl ... |
| CVE-2014-9674 | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType befor ... |
| CVE-2014-9673 | Integer signedness error in the Mac_Read_POST_Resource function in bas ... |
| CVE-2014-9672 | Array index error in the parse_fond function in base/ftmac.c in FreeTy ... |
| CVE-2014-9671 | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c i ... |
| CVE-2014-9670 | Multiple integer signedness errors in the pcf_get_encodings function i ... |
| CVE-2014-9669 | Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 a ... |
| CVE-2014-9668 | The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ... |
| CVE-2014-9667 | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length cal ... |
| CVE-2014-9666 | The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ... |
| CVE-2014-9665 | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ... |
| CVE-2014-9664 | FreeType before 2.5.4 does not check for the end of the data during ce ... |
| CVE-2014-9663 | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5 ... |
| CVE-2014-9662 | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return valu ... |
| CVE-2014-9661 | type42/t42parse.c in FreeType before 2.5.4 does not consider that scan ... |
| CVE-2014-9660 | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5. ... |
| CVE-2014-9659 | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ... |
| CVE-2014-9658 | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5 ... |
| CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType befor ... |
| CVE-2014-9656 | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType b ... |
| CVE-2014-2241 | The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer f ... |
| CVE-2014-2240 | Stack-based buffer overflow in the cf2_hintmap_build function in cff/c ... |
| CVE-2012-5670 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ... |
| CVE-2012-5669 | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ... |
| CVE-2012-5668 | FreeType before 2.4.11 allows context-dependent attackers to cause a d ... |
| CVE-2012-1144 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1143 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1142 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1141 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1140 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1139 | Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ... |
| CVE-2012-1138 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1137 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1136 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1135 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1134 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1133 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1132 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1131 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1130 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1129 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1128 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1127 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2012-1126 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ... |
| CVE-2011-3439 | FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attac ... |
| CVE-2011-3256 | FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5 ... |
| CVE-2011-0226 | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ... |
| CVE-2010-3855 | Buffer overflow in the ft_var_readpackedpoints function in truetype/tt ... |
| CVE-2010-3814 | Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in Fr ... |
| CVE-2010-3311 | Integer overflow in base/ftstream.c in libXft (aka the X FreeType libr ... |
| CVE-2010-3054 | Unspecified vulnerability in FreeType 2.3.9, and other versions before ... |
| CVE-2010-3053 | bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ... |
| CVE-2010-2808 | Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ... |
| CVE-2010-2807 | FreeType before 2.4.2 uses incorrect integer data types during bounds ... |
| CVE-2010-2806 | Array index error in the t42_parse_sfnts function in type42/t42parse.c ... |
| CVE-2010-2805 | The FT_Stream_EnterFrame function in base/ftstream.c in FreeType befor ... |
| CVE-2010-2541 | Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType b ... |
| CVE-2010-2527 | Multiple buffer overflows in demo programs in FreeType before 2.4.0 al ... |
| CVE-2010-2520 | Heap-based buffer overflow in the Ins_IUP function in truetype/ttinter ... |
| CVE-2010-2519 | Heap-based buffer overflow in the Mac_Read_POST_Resource function in b ... |
| CVE-2010-2500 | Integer overflow in the gray_render_span function in smooth/ftgrays.c ... |
| CVE-2010-2499 | Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs. ... |
| CVE-2010-2498 | The psh_glyph_find_strong_points function in pshinter/pshalgo.c in Fre ... |
| CVE-2010-2497 | Integer underflow in glyph handling in FreeType before 2.4.0 allows re ... |
| CVE-2010-1797 | Multiple stack-based buffer overflows in the cff_decoder_parse_charstr ... |
| CVE-2009-0946 | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ... |
| CVE-2008-1808 | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dep ... |
| CVE-2008-1807 | FreeType2 before 2.3.6 allow context-dependent attackers to execute ar ... |
| CVE-2008-1806 | Integer overflow in FreeType2 before 2.3.6 allows context-dependent at ... |
| CVE-2007-3506 | The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ... |
| CVE-2007-2754 | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and e ... |
| CVE-2007-1351 | Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ... |
| CVE-2006-3467 | Integer overflow in FreeType before 2.2 allows remote attackers to cau ... |
| CVE-2006-2661 | ftutil.c in Freetype before 2.2 allows remote attackers to cause a den ... |
| CVE-2006-1861 | Multiple integer overflows in FreeType before 2.2 allow remote attacke ... |
| CVE-2006-0747 | Integer underflow in Freetype before 2.2 allows remote attackers to ca ... |