
CVE-2025-27363 – freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files
https://notcve.org/view.php?id=CVE-2025-27363
11 Mar 2025 — An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in t... • https://github.com/zhuowei/CVE-2025-27363-proof-of-concept • CWE-787: Out-of-bounds Write •

CVE-2025-23022
https://notcve.org/view.php?id=CVE-2025-23022
10 Jan 2025 — FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. • https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-27405 – FreeType: Segmentation violation via FNT_Size_Request
https://notcve.org/view.php?id=CVE-2022-27405
22 Apr 2022 — FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of ... • http://freetype.com • CWE-125: Out-of-bounds Read • CWE-824: Access of Uninitialized Pointer •

CVE-2022-27406 – Freetype: Segmentation violation via FT_Request_Size
https://notcve.org/view.php?id=CVE-2022-27406
22 Apr 2022 — FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. A segmentation fault was found in FreeType’s FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash... • http://freetype.com • CWE-125: Out-of-bounds Read • CWE-824: Access of Uninitialized Pointer •

CVE-2022-27404 – FreeType: Buffer overflow in sfnt_init_face
https://notcve.org/view.php?id=CVE-2022-27404
22 Apr 2022 — FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. A heap buffer overflow flaw was found in Freetype’s sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows a... • https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 • CWE-787: Out-of-bounds Write •

CVE-2020-15999 – Google Chrome FreeType Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2020-15999
20 Oct 2020 — Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and heig... • https://packetstorm.news/files/id/159754 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-122: Heap-based Buffer Overflow • CWE-787: Out-of-bounds Write •

CVE-2015-9383 – Ubuntu Security Notice USN-4126-1
https://notcve.org/view.php?id=CVE-2015-9383
03 Sep 2019 — FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd • CWE-125: Out-of-bounds Read •

CVE-2015-9382 – freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read
https://notcve.org/view.php?id=CVE-2015-9382
03 Sep 2019 — FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs e... • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-125: Out-of-bounds Read •

CVE-2015-9381 – freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash
https://notcve.org/view.php?id=CVE-2015-9381
03 Sep 2019 — FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. USN-4126-1 fixed a vulnerability in FreeType. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that FreeType incorrectly handled certain font files. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9 • CWE-125: Out-of-bounds Read •

CVE-2015-9290
https://notcve.org/view.php?id=CVE-2015-9290
30 Jul 2019 — In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30 • CWE-125: Out-of-bounds Read •