DEBIAN-CVE-2015-9290

In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1GetPrivateDict where there is no check that the new values of cur and limit are sensible before going to Again...

freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash

An out-of-bounds buffer overflow flaw was found in FreeType prior to version 2.6.1...

freetype: limited heap buffer overflow in Type1 parser T1_Get_Private_Dict() (#35608)

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap write operation and memory corruption or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font...

FreeType PFB integer overflow

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary PFB file, which triggers a heap-based buffer overflow...

FreeType PFB integer overflow

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary PFB file, which triggers a heap-based buffer overflow...

DEBIAN-CVE-2008-1806

Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary PFB file, which triggers a heap-based buffer overflow...