Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2010-08-19 CVE-2010-2807 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2499 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. Mac_os_x, Ubuntu_linux, Debian_linux, Freetype N/A
2010-08-19 CVE-2010-2498 The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. Mac_os_x, Ubuntu_linux, Debian_linux, Freetype N/A
2009-04-17 CVE-2009-0946 Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Iphone_os, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Freetype, Opensuse, Linux_enterprise_server N/A
2010-08-19 CVE-2010-2520 Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Mac_os_x, Ubuntu_linux, Debian_linux, Freetype N/A
2010-08-19 CVE-2010-2497 Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Mac_os_x, Debian_linux, Freetype N/A
2020-12-08 CVE-2020-10013 A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. Ipados, Iphone_os, Mac_os_x, Tvos 7.8
2012-07-03 CVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. Mac_os_x, Libexpat N/A
2012-07-03 CVE-2012-1147 readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. Mac_os_x, Libexpat N/A