-
```
The following heap-based out-of-bounds memory read has been encountered in
FreeType while fuzzing TrueType fonts. It has been reproduced with the current
version of freetype2 from master git bra…
```
-
```
The following heap-based out-of-bounds memory read has been encountered in
FreeType while fuzzing TrueType fonts. It has been reproduced with the current
version of freetype2 from master git bra…
```
-
```
The following NULL pointer dereference crash has been encountered in FreeType
while fuzzing BDF fonts. It has been reproduced with the current version of
freetype2 from master git branch, with a…
```
-
```
In freetype/src/sfnt/ttsbit.c, the following code responsible for parsing
embedded bitmaps (so-called "sbits") is found:
323: FT_ULong strike_index_array;
324: FT_ULong str…
```
-
```
In the freetype/src/sfnt/ttload.c file responsible for handling SFNT tables,
there are potential integer overflow conditions in the following code snippets:
209: /* we ignore invalid tables…
```
-
```
In the freetype/src/sfnt/sfobjs.c file, there is a "woff_open_font" function
responsible for processing WOFF (Web Open Font Format) file structures. Among
other things, it unpacks potentially zl…
```
-
```
In freetype/src/pcf/pcfread.c, the following code is found:
int firstCol, lastCol;
int firstRow, lastRow;
int nencoding, encodingOffset;
int …
```
-
```
In freetype/src/pcf/pcfread.c, the following code is found:
402: FT_ULong nprops, i;
403: FT_ULong format, size;
...
406: FT_ULong string_size;
...
410: …
```
-
```
In the freetype/src/base/ftmac.c file used exclusively to process Mac font
files, the following code operating on FOND resources is present (function
"parse_fond"):
433: unsigned short st…
```
-
```
In the freetype/src/base/ftobjs.c file, we can find multiple auxiliary
functions for handling uncommon or exotic font formats. One such function is
"Mac_Read_POST_Resource", which heavily operat…
```