FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

1ae613c3-5728-11e2-9483-14dae938ec40  freetype -- Multiple vulnerabilities

The FreeType Project reports:

Some vulnerabilities in the BDF implementation have been fixed. Users of this font format should upgrade.


Discovery 2012-12-20
Entry 2013-01-05
freetype2
< 2.4.11

http://sourceforge.net/projects/freetype/files/freetype2/2.4.11/README/view

4a088d67-3af2-11e7-9d75-c86000169601  freetype2 -- buffer overflows

Werner Lemberg reports:

CVE-2017-8105, CVE-2017-8287: Older FreeType versions have out-of-bounds writes caused by heap-based buffer overflows related to Type 1 fonts.


Discovery 2017-05-17
Entry 2017-05-17
freetype2
< 2.8

http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html
CVE-2017-8105
CVE-2017-8287

567beb1e-7e0a-11e4-b9cc-bcaec565249c  freetype -- Out of bounds stack-based read/write

Werner LEMBERG reports:

The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completely.


Discovery 2014-12-07
Entry 2014-12-07
freetype2
< 2.5.4

http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html
CVE-2014-2240

54075e39-04ac-11e1-a94e-bcaec565249c  freetype -- Some type 1 fonts handling vulnerabilities

The FreeType project reports:

A couple of vulnerabilities in handling Type 1 fonts.


Discovery 2011-10-12
Entry 2011-11-01
freetype2
< 2.4.7

CVE-2011-3256
http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view
https://bugzilla.redhat.com/attachment.cgi?id=528829&action=diff

1a0de610-a761-11e3-95fe-bcaec565249c  freetype2 -- Out of bounds read/write

Mateusz Jurczyk reports:

Out of bounds stack-based read/write in cf2_hintmap_build.

This is a critical vulnerability in the CFF Rasterizer code recently contributed by Adobe, leading to potential arbitrary code execution in the context of the FreeType2 library client.


Discovery 2014-02-25
Entry 2014-03-09
freetype2
< 2.5.3

http://savannah.nongnu.org/bugs/?41697

462e2d6c-8017-11e1-a571-bcaec565249c  freetype -- multiple vulnerabilities

The Freetype project reports:

Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information.


Discovery 2012-03-08
Entry 2012-04-06
freetype2
< 2.4.9

CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
https://bugzilla.redhat.com/show_bug.cgi?id=806270

5d374b01-c3ee-11e0-8aa5-485d60cb5385  freetype2 -- execute arbitrary code or cause denial of service

Vincent Danen reports:

Due to an error within the t1_decoder_parse_charstrings() function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially-crafted postscript Type1 font in an application that uses the freetype library.


Discovery 2011-07-19
Entry 2011-08-11
freetype2
< 2.4.6

CVE-2011-0226
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226

458df97f-1440-11eb-aaec-e0d55e2a8bf9  freetype2 -- heap buffer overflow

The freetype project reports:

A heap buffer overflow has been found in the handling of embedded PNG bitmaps, introduced in FreeType version 2.6.


Discovery 2020-10-20
Entry 2020-10-22
freetype2
< 2.10.4

https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
CVE-2020-15999