rpm package
opensuse/freetype2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/freetype2&distro=openSUSE%20Tumbleweed
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-1136 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font t | ||
| CVE-2012-1135 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instr | ||
| CVE-2012-1134 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 | ||
| CVE-2012-1133 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. | ||
| CVE-2012-1132 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. | ||
| CVE-2012-1131 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the ce | ||
| CVE-2012-1130 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. | ||
| CVE-2012-1129 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. | ||
| CVE-2012-1128 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. | ||
| CVE-2012-1127 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. | ||
| CVE-2012-1126 | — | < 2.7-1.1 | 2.7-1.1 | Apr 25, 2012 | FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. | ||
| CVE-2011-3439 | — | < 2.7-1.1 | 2.7-1.1 | Nov 11, 2011 | FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | ||
| CVE-2011-3256 | — | < 2.7-1.1 | 2.7-1.1 | Oct 14, 2011 | FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than | ||
| CVE-2011-0226 | — | < 2.7-1.1 | 2.7-1.1 | Jul 19, 2011 | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr | ||
| CVE-2010-3311 | — | < 2.7-1.1 | 2.7-1.1 | Jan 7, 2011 | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-bas | ||
| CVE-2010-3855 | — | < 2.7-1.1 | 2.7-1.1 | Nov 26, 2010 | Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. | ||
| CVE-2010-3814 | — | < 2.7-1.1 | 2.7-1.1 | Nov 26, 2010 | Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated b | ||
| CVE-2010-3054 | — | < 2.7-1.1 | 2.7-1.1 | Aug 19, 2010 | Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c. | ||
| CVE-2010-3053 | — | < 2.7-1.1 | 2.7-1.1 | Aug 19, 2010 | bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. | ||
| CVE-2010-2805 | — | < 2.7-1.1 | 2.7-1.1 | Aug 19, 2010 | The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
- CVE-2012-1136Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font t
- CVE-2012-1135Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instr
- CVE-2012-1134Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1
- CVE-2012-1133Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
- CVE-2012-1132Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.
- CVE-2012-1131Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the ce
- CVE-2012-1130Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.
- CVE-2012-1129Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.
- CVE-2012-1128Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
- CVE-2012-1127Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.
- CVE-2012-1126Apr 25, 2012affected < 2.7-1.1fixed 2.7-1.1
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.
- CVE-2011-3439Nov 11, 2011affected < 2.7-1.1fixed 2.7-1.1
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
- CVE-2011-3256Oct 14, 2011affected < 2.7-1.1fixed 2.7-1.1
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than
- CVE-2011-0226Jul 19, 2011affected < 2.7-1.1fixed 2.7-1.1
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr
- CVE-2010-3311Jan 7, 2011affected < 2.7-1.1fixed 2.7-1.1
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-bas
- CVE-2010-3855Nov 26, 2010affected < 2.7-1.1fixed 2.7-1.1
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
- CVE-2010-3814Nov 26, 2010affected < 2.7-1.1fixed 2.7-1.1
Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated b
- CVE-2010-3054Aug 19, 2010affected < 2.7-1.1fixed 2.7-1.1
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
- CVE-2010-3053Aug 19, 2010affected < 2.7-1.1fixed 2.7-1.1
bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
- CVE-2010-2805Aug 19, 2010affected < 2.7-1.1fixed 2.7-1.1
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Page 3 of 4