CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Freetype » Freetype » 2.2.1 : Security Vulnerabilities (Memory Corruption)

Cpe Name:cpe:/a:freetype:freetype:2.2.1
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-1144 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-18
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
2 CVE-2012-1142 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.
3 CVE-2012-1141 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.
4 CVE-2012-1140 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-18
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.
5 CVE-2012-1139 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.
6 CVE-2012-1138 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
7 CVE-2012-1137 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.
8 CVE-2012-1136 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.
9 CVE-2012-1135 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.
10 CVE-2012-1134 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.
11 CVE-2012-1133 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
12 CVE-2012-1132 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
13 CVE-2012-1131 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.
14 CVE-2012-1130 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
15 CVE-2012-1129 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
16 CVE-2012-1128 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-18
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
17 CVE-2012-1127 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
9.3
 None Remote Medium Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
18 CVE-2012-1126 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2012-12-28
10.0
 None Remote Low Not required Complete Complete Complete
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
19 CVE-2011-0226 189 DoS Exec Code Mem. Corr. 2011-07-19 2011-10-25
9.3
 None Remote Medium Not required Complete Complete Complete
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
20 CVE-2010-2808 119 DoS Exec Code Overflow Mem. Corr. 2010-08-19 2011-01-12
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
21 CVE-2010-2498 399 DoS Exec Code Mem. Corr. 2010-08-19 2012-12-18
6.8
 None Remote Medium Not required Partial Partial Partial
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.