CVSS: 9.8EPSS: 5%CPEs: 62EXPL: 0CVE-2012-1142 – freetype: incorrect computation of number of glyphs in FNT_Face_Init() for FNT/FON files (#35659)
https://notcve.org/view.php?id=CVE-2012-1142
25 Apr 2012 — FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posible... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 2%CPEs: 62EXPL: 0CVE-2012-1143 – freetype: integer divide by zero in FT_DivFix() (#35660)
https://notcve.org/view.php?id=CVE-2012-1143
25 Apr 2012 — FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (error de división por cero) a través de una fuente TrueType modificada. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-189: Numeric Errors CWE-369: Divide By Zero •
CVSS: 9.8EPSS: 3%CPEs: 62EXPL: 0CVE-2012-1144 – freetype: insufficient checking of first outline point in TTF parser (#35689)
https://notcve.org/view.php?id=CVE-2012-1144
25 Apr 2012 — FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posiblemente ejecuta... • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 10%CPEs: 58EXPL: 0CVE-2011-0226 – freetype: postscript type1 font parsing vulnerability
https://notcve.org/view.php?id=CVE-2011-0226
19 Jul 2011 — Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. Error de entero sin signo en psaux/t1decode.c en FreeType anterior a v2.4.6, es usado enCoreGraphics en Apple iOS anterior a v4.2.9 y v4.3.x an... • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html • CWE-189: Numeric Errors •