freetype2

Description: Font rasterization library
Version: 2.13.2-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
| --- | --- | --- | --- | --- | --- |
| AVG-1254 | 2.10.3-1 | 2.10.4-1 | High | Fixed | |
| AVG-613 | 2.9-2 | 2.9.1-1 | Low | Fixed | |
| AVG-257 | 2.7.1-1 | 2.7.1-2 | High | Fixed | |
| AVG-251 | 2.7-2 | 2.7.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-15999 | AVG-1254 | High | Yes | Arbitrary code execution | A heap buffer overflow has been found in freetype2 before 2.10.4. Malformed TTF files with PNG sbit glyphs can cause a heap buffer overflow in Load_SBit_Png... |
| CVE-2018-6942 | AVG-613 | Low | Yes | Denial of service | An issue was discovered in FreeType 2 before 2.9.1. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to denial of... |
| CVE-2017-8287 | AVG-257 | High | Yes | Arbitrary code execution | FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. |
| CVE-2017-8105 | AVG-257 | High | Yes | Arbitrary code execution | FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. |
| CVE-2016-10328 | AVG-251 | High | No | Arbitrary code execution | FreeType 2 before 2016-12-16 (2.7.1) has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. |

Advisories

| Date | Advisory | Group | Severity | Type |
| --- | --- | --- | --- | --- |
| 20 Oct 2020 | ASA-202010-10 | AVG-1254 | High | arbitrary code execution |
| 09 May 2018 | ASA-201805-3 | AVG-613 | Low | denial of service |
| 09 May 2017 | ASA-201705-7 | AVG-257 | High | arbitrary code execution |