VYPR

FreeType

FreeType is a software development library used to render text onto bitmaps, and which provides support for other font-related operations. The FreeType font rasterization engine is free and open-source software with the source code dual-licensed under a BSD-like license and the GPL. FreeType supports a number of font formats, including TrueType, Type 1, and OpenType.

Founded: 1996
Products: 1
CVEs: 99 (across products: 99)
Status: Private

Recent CVEs (99 total)
  • CVE-2025-27363 (High, KEV) Mar 11, 2025
    risk 0.70, cvss 8.1, epss 0.23

    An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned…

  • CVE-2017-8287 (Critical) Apr 27, 2017
    risk 0.64, cvss 9.8, epss 0.03

    FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.

  • CVE-2017-8105 (Critical) Apr 24, 2017
    risk 0.64, cvss 9.8, epss 0.04

    FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

  • CVE-2017-7864 (Critical) Apr 14, 2017
    risk 0.64, cvss 9.8, epss 0.04

    FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.

  • CVE-2017-7858 (Critical) Apr 14, 2017
    risk 0.64, cvss 9.8, epss 0.03

    FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

  • CVE-2017-7857 (Critical) Apr 14, 2017
    risk 0.64, cvss 9.8, epss 0.04

    FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.

  • CVE-2014-9746 (Critical) Jun 7, 2016
    risk 0.64, cvss 9.8, epss 0.03

    The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values,…

  • CVE-2016-10328 (Critical) Apr 14, 2017
    risk 0.57, cvss 9.8, epss 0.04

    FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.

  • CVE-2016-10244 (High) Mar 6, 2017
    risk 0.51, cvss 7.8, epss 0.03

    The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

  • CVE-2014-9747 (High) Jun 7, 2016
    risk 0.49, cvss 7.5, epss 0.03

    The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.

  • CVE-2018-6942 (Medium) Feb 13, 2018
    risk 0.42, cvss 6.5, epss 0.02

    An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.

  • CVE-2026-23865 (Medium) Mar 2, 2026
    risk 0.27, cvss 5.3, epss 0.00

    An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2.

  • CVE-2010-1797 Aug 16, 2010
    risk 0.05, cvss n/a, epss 0.31

    Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote…

  • CVE-2006-2661 May 30, 2006
    risk 0.04, cvss n/a, epss 0.16

    ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.

  • CVE-2006-0747 May 23, 2006
    risk 0.04, cvss n/a, epss 0.12

    Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.

  • CVE-2014-9659 Feb 8, 2015
    risk 0.01, cvss n/a, epss 0.08

    cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted…

  • CVE-2011-2895 Aug 19, 2011
    risk 0.01, cvss n/a, epss 0.08

    The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType…

  • CVE-2011-0226 Jul 19, 2011
    risk 0.01, cvss n/a, epss 0.07

    Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2010-3311 Jan 7, 2011
    risk 0.01, cvss n/a, epss 0.07

    Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a…

  • CVE-2010-2519 Aug 19, 2010
    risk 0.01, cvss n/a, epss 0.06

    Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font…