| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-5670 |
119 |
|
DoS Overflow |
2013-01-24 |
2013-01-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value. |
|
2 |
CVE-2012-5669 |
119 |
|
DoS Exec Code Overflow |
2013-01-24 |
2013-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. |
|
3 |
CVE-2012-5668 |
119 |
|
DoS Overflow |
2013-01-24 |
2013-01-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function. |
|
4 |
CVE-2012-1144 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. |
|
5 |
CVE-2012-1143 |
189 |
|
DoS |
2012-04-25 |
2012-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. |
|
6 |
CVE-2012-1142 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. |
|
7 |
CVE-2012-1141 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. |
|
8 |
CVE-2012-1140 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. |
|
9 |
CVE-2012-1139 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. |
|
10 |
CVE-2012-1138 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. |
|
11 |
CVE-2012-1137 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. |
|
12 |
CVE-2012-1136 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. |
|
13 |
CVE-2012-1135 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. |
|
14 |
CVE-2012-1134 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. |
|
15 |
CVE-2012-1133 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. |
|
16 |
CVE-2012-1132 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. |
|
17 |
CVE-2012-1131 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. |
|
18 |
CVE-2012-1130 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. |
|
19 |
CVE-2012-1129 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. |
|
20 |
CVE-2012-1128 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. |
|
21 |
CVE-2012-1127 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. |
|
22 |
CVE-2012-1126 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2012-04-25 |
2012-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. |
|
23 |
CVE-2011-0226 |
189 |
|
DoS Exec Code Mem. Corr. |
2011-07-19 |
2011-10-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. |
|
24 |
CVE-2010-3855 |
119 |
|
DoS Exec Code Overflow |
2010-11-26 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. |
|
25 |
CVE-2010-3814 |
119 |
|
DoS Exec Code Overflow |
2010-11-26 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. |
|
26 |
CVE-2010-3311 |
189 |
|
DoS Exec Code Overflow |
2011-01-07 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. |
|
27 |
CVE-2010-3053 |
20 |
|
DoS |
2010-08-19 |
2012-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. |
|
28 |
CVE-2010-2808 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-08-19 |
2011-01-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. |
|
29 |
CVE-2010-2807 |
189 |
|
DoS Exec Code |
2010-08-19 |
2010-12-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
30 |
CVE-2010-2806 |
399 |
|
DoS Exec Code Overflow |
2010-08-19 |
2011-01-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. |
|
31 |
CVE-2010-2805 |
20 |
|
DoS Exec Code |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
32 |
CVE-2010-2541 |
119 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
33 |
CVE-2010-2527 |
119 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
34 |
CVE-2010-2520 |
119 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
35 |
CVE-2010-2519 |
119 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. |
|
36 |
CVE-2010-2500 |
189 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
|
37 |
CVE-2010-2499 |
119 |
|
DoS Exec Code Overflow |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. |
|
38 |
CVE-2010-2498 |
399 |
|
DoS Exec Code Mem. Corr. |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. |
|
39 |
CVE-2010-2497 |
189 |
|
DoS Exec Code |
2010-08-19 |
2012-12-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
