739 matches found

CVE
added 2010/08/19 5:43 p.m. · 94 views

CVE-2010-2807

CVE-2010-2807 affects FreeType up to version 2.4.2, where improper integer bounds checking in the font processing code can lead to a crash or potentially arbitrary code execution via a crafted font file. Connected advisories reference the 2.4.2 release as the fix. Remediation: upgrade to FreeType...

CVSS 6.8 · AI score 9.5 · EPSS 0.04203
Exploits 0 · References 21 · Affected Software 1

CVE
added 2010/08/19 5:43 p.m. · 93 views

CVE-2010-2805

The vulnerability CVE-2010-2805 affects FreeType prior to 2.4.2, where FT_Stream_EnterFrame in base/ftstream.c fails to validate certain position values. This can let a remote attacker crash an application or possibly execute arbitrary code through a crafted font file, i.e., a remote, unauthentic...

CVSS 6.8 · AI score 9.5 · EPSS 0.0513
Exploits 1 · References 23 · Affected Software 1

CVE
added 2010/08/19 5:43 p.m. · 93 views

CVE-2010-2527

CVE-2010-2527 affects the FreeType 2 font engine (before 2.4.0). The issue is buffer overflows in the FreeType demo programs, which could cause an application crash or potentially allow arbitrary code execution via a crafted font file. Public references in connected documents confirm multiple adv...

CVSS 6.8 · AI score 7.9 · EPSS 0.05644
Exploits 0 · References 11 · Affected Software 1

CVE
added 2010/08/19 5:43 p.m. · 90 views

CVE-2010-2500

CVE-2010-2500 details (from connected documents): FreeType’s integer overflow in the gray_render_span function (ftgrays.c) before version 2.4.0 can be triggered by parsing a crafted font file, potentially crashing the application or allowing arbitrary code execution. The vulnerability is rooted i...

CVSS 6.8 · AI score 9 · EPSS 0.04991
Exploits 0 · References 15 · Affected Software 1

CVE
added 2010/08/19 5:43 p.m. · 87 views

CVE-2010-2498

The CVE-2010-2498 entry involves FreeType (pshinter/pshalgo.c) where the function psh_glyph_find_strong_points fails to implement hinting masks correctly. This can lead to heap memory corruption and a crash, with potential arbitrary code execution via a crafted font file that triggers an invalid ...

CVSS 6.8 · AI score 9.1 · EPSS 0.05638
Exploits 1 · References 14 · Affected Software 1

CVE
added 2010/08/19 5:43 p.m. · 94 views

CVE-2010-2497

FreeType vulnerability CVE-2010-2497 arises from an integer underflow in glyph handling in versions before 2.4.0, enabling remote crash or possibly arbitrary code execution via crafted fonts. Multiple advisories (Gentoo GLSA, openSUSE, Nessus plugins, OSV) list CVE-2010-2497 among a set of FreeT...

CVSS 6.8 · AI score 9.5 · EPSS 0.05556
Exploits 1 · References 12 · Affected Software 1

Cvelist
added 2010/08/19 5:43 p.m. · 28 views

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

AI score 9.6 · EPSS 0.0513
Exploits 1 · References 23

Positive Technologies
added 2010/08/19 12:00 a.m. · 2 views

PT-2010-1117 · Freetype +1 · Freetype +1

Name of the Vulnerable Software and Affected Versions: freetype versions prior to 2.4.8; freetype versions prior to 2.4.2. Description: The issue affects the freetype package in Gentoo Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information...

CVSS 9.3 · AI score 8.3 · EPSS 0.06735
Exploits 2 · References 45

UbuntuCve
added 2010/08/12 12:00 a.m. · 32 views

CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font...

CVSS 6.8 · AI score 6.1 · EPSS 0.04515
Exploits 0 · References 2

UbuntuCve
added 2010/08/12 12:00 a.m. · 29 views

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.1 · EPSS 0.0513
Exploits 1 · References 2

UbuntuCve
added 2010/08/12 12:00 a.m. · 27 views

CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.2 · EPSS 0.04203
Exploits 0 · References 2

UbuntuCve
added 2010/08/12 12:00 a.m. · 29 views

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.2 · EPSS 0.04782
Exploits 0 · References 2

RedHat Linux
added 2010/08/05 5:27 p.m. · 33 views

Important: Red Hat Security Advisory: freetype security update

Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 9.3 · AI score 6.1 · EPSS 0.30653
Exploits 7 · References 2

RedHat Linux
added 2010/07/30 4:05 p.m. · 3 views

freetype: heap buffer overflow vulnerability when processing certain font files

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file...

CVSS 6.8 · AI score 6.5 · EPSS 0.06287
Exploits 1 · References 4

RedHat Linux
added 2010/07/30 4:05 p.m. · 3 views

Freetype demos multiple buffer overflows

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.4 · EPSS 0.05644
Exploits 0 · References 4

RedHat Linux
added 2010/07/30 3:33 p.m. · 2 views

Freetype ftmulti buffer overflow

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.3 · EPSS 0.04782
Exploits 0 · References 4

UbuntuCve
added 2010/07/20 12:00 a.m. · 27 views

CVE-2010-2527

Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.3 · EPSS 0.05644
Exploits 0 · References 2

UbuntuCve
added 2010/07/20 12:00 a.m. · 32 views

CVE-2010-2500

Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file...

CVSS 6.8 · AI score 6.2 · EPSS 0.04991
Exploits 0 · References 2

UbuntuCve
added 2010/07/20 12:00 a.m. · 28 views

CVE-2010-2498

The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that...

CVSS 6.8 · AI score 6.2 · EPSS 0.05638
Exploits 1 · References 2

UbuntuCve
added 2010/07/20 12:00 a.m. · 28 views

CVE-2010-2519

Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file...

CVSS 6.8 · AI score 6.4 · EPSS 0.06287
Exploits 1 · References 2