CVSS: 9.8EPSS: 25%CPEs: 21EXPL: 0CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
17 Apr 2009 — Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. This GLSA contains ... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1806 – FreeType PFB integer overflow
https://notcve.org/view.php?id=CVE-2008-1806
16 Jun 2008 — Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow. Desbordamiento de entero en FreeType2 anterior a 2.3.6, permite a atacantes dependientes del contexto ejecutar código arbitrario a través de un set de valores manipulados de un tamaño 16-bit dentro de la tabla de diccionario Private en un archivo P... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2008-1807 – FreeType invalid free() flaw
https://notcve.org/view.php?id=CVE-2008-1807
16 Jun 2008 — FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption. FreeType2 versiones anteriores a 2.3.6 permite a atacantes dependientes de contexto ejecutar código de su elección a través de un campo "número de axes" inválido en un fichero Printer Font Binary (PFB), lo cual dispara una liberación de localizaciones de memoria de su el... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716 • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 2%CPEs: 12EXPL: 0CVE-2008-1808 – FreeType off-by-one flaws
https://notcve.org/view.php?id=CVE-2008-1808
16 Jun 2008 — Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. Múltiples errores de superación de límite (off-by-one) en FreeType2 antes de 2.3.6 permite a atacantes dependientes del contexto ejecutar código arbitrario mediante (1) una tabla manipulada en un archivo Printer Font Binary (PFB) ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717 • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3506
https://notcve.org/view.php?id=CVE-2007-3506
02 Jul 2007 — The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." La función ft_bitmap_assure_buffer en src/base/ftbimap.c de FreeType 2.3.3 permite a atacantes remotos dependientes del contexto provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante vectores no especificad... • http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18 •
CVSS: 9.8EPSS: 89%CPEs: 1EXPL: 2CVE-2007-2754 – freetype integer overflow
https://notcve.org/view.php?id=CVE-2007-2754
17 May 2007 — Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un de... • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 19%CPEs: 1EXPL: 0CVE-2006-3467 – freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861
https://notcve.org/view.php?id=CVE-2006-3467
18 Jul 2006 — Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. Desbordamiento de entero en FreeType en versiones anteriores a 2.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo PCF manipulado, según lo demostrado mediante el archivo d... • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 4%CPEs: 6EXPL: 1CVE-2006-2661 – FreeType - '.TTF' File Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-2661
30 May 2006 — ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. • https://www.exploit-db.com/exploits/27993 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 66%CPEs: 1EXPL: 1CVE-2006-0747 – FreeType - '.TTF' File Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0747
23 May 2006 — Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. • https://www.exploit-db.com/exploits/27992 • CWE-189: Numeric Errors •