{"id":"USN-5528-1","summary":"freetype vulnerabilities","details":"It was discovered that FreeType did not correctly handle certain malformed\nfont files. If a user were tricked into using a specially crafted font\nfile, a remote attacker could cause FreeType to crash, or possibly execute\narbitrary code.\n","modified":"2026-02-10T04:42:42Z","published":"2022-07-20T13:13:56Z","related":["UBUNTU-CVE-2022-27404","UBUNTU-CVE-2022-27405","UBUNTU-CVE-2022-27406","UBUNTU-CVE-2022-31782"],"upstream":["CVE-2022-27404","CVE-2022-27405","CVE-2022-27406","CVE-2022-31782","UBUNTU-CVE-2022-27404","UBUNTU-CVE-2022-27405","UBUNTU-CVE-2022-27406","UBUNTU-CVE-2022-31782"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5528-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-27404"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-27405"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-27406"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-31782"}],"affected":[{"package":{"name":"freetype","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/freetype@2.8.1-2ubuntu2.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.1-2ubuntu2.2"}]}],"versions":["2.8-0.2ubuntu2","2.8.1-0.1ubuntu2","2.8.1-0.1ubuntu3","2.8.1-2ubuntu1","2.8.1-2ubuntu2","2.8.1-2ubuntu2.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.8.1-2ubuntu2.2","binary_name":"freetype2-demos"},{"binary_version":"2.8.1-2ubuntu2.2","binary_name":"libfreetype6"},{"binary_version":"2.8.1-2ubuntu2.2","binary_name":"libfreetype6-dev"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-27404"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27405"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27406"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-31782"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5528-1.json"}},{"package":{"name":"freetype","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/freetype@2.10.1-2ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.1-2ubuntu0.2"}]}],"versions":["2.9.1-4","2.10.1-2","2.10.1-2ubuntu0.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.10.1-2ubuntu0.2","binary_name":"freetype2-demos"},{"binary_version":"2.10.1-2ubuntu0.2","binary_name":"libfreetype-dev"},{"binary_version":"2.10.1-2ubuntu0.2","binary_name":"libfreetype6"},{"binary_version":"2.10.1-2ubuntu0.2","binary_name":"libfreetype6-dev"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-27404"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27405"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27406"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-31782"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5528-1.json"}},{"package":{"name":"freetype","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/freetype@2.11.1+dfsg-1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.11.1+dfsg-1ubuntu0.1"}]}],"versions":["2.10.4+dfsg-1build1","2.10.4+dfsg-1build2","2.11.0+dfsg-1","2.11.1+dfsg-1","2.11.1+dfsg-1build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.11.1+dfsg-1ubuntu0.1","binary_name":"freetype2-demos"},{"binary_version":"2.11.1+dfsg-1ubuntu0.1","binary_name":"libfreetype-dev"},{"binary_version":"2.11.1+dfsg-1ubuntu0.1","binary_name":"libfreetype6"},{"binary_version":"2.11.1+dfsg-1ubuntu0.1","binary_name":"libfreetype6-dev"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-27404"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27405"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2022-27406"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-31782"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5528-1.json"}}],"schema_version":"1.7.3"}