FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
precise freetype 2.4.8-1ubuntu2.5
precise/esm freetype 2.4.8-1ubuntu2.5
trusty freetype 2.5.2-1ubuntu2.7
vivid/ubuntu-core freetype 2.5.2-2ubuntu3.2
xenial freetype 2.6.1-0.1ubuntu2.2
yakkety freetype 2.6.3-3ubuntu1.2
zesty freetype 2.6.3-3ubuntu2.1


Release Package Reason
vivid/stable-phone-overlay freetype ignored
devel freetype not-affected

Needs Triage

Release Package Reason
upstream freetype needs-triage