Fluid Attacks Database

Description

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
debian 14	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
debian 13	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
rpm rhel7	wayland-protocols	<0:1.14-1.el7	0:1.14-1.el7
debian 11	freetype	>=0 <2.6.1-0.1	2.6.1-0.1
rpm rhel7	totem-pl-parser	<0:3.26.1-1.el7	0:3.26.1-1.el7
rpm rhel7	baobab	<0:3.28.0-2.el7	0:3.28.0-2.el7
rpm rhel7	libgepub	<0:0.6.0-1.el7	0:0.6.0-1.el7
rpm rhel7	libmediaart	<0:1.9.4-1.el7	0:1.9.4-1.el7
rpm rhel7	gnome-keyring	<0:3.28.2-1.el7	0:3.28.2-1.el7

1-10 of 152

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.