FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Max CVSS
9.3
EPSS Score
1.05%
Published
2011-11-11
Updated
2021-06-22
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
Max CVSS
9.3
EPSS Score
0.16%
Published
2011-10-14
Updated
2017-08-29
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
Max CVSS
9.3
EPSS Score
9.21%
Published
2011-08-29
Updated
2020-05-19
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Max CVSS
9.3
EPSS Score
5.83%
Published
2011-07-19
Updated
2011-10-26
4 vulnerabilities found