Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 840224 (CVE-2022-27404, CVE-2022-27405, CVE-2022-27406) - <media-libs/freetype-2.12.0: multiple vulnerabilities
Summary: <media-libs/freetype-2.12.0: multiple vulnerabilities
Alias: CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa?]
Depends on: 840227
  Show dependency tree
Reported: 2022-04-22 21:05 UTC by John Helmert III
Modified: 2022-05-01 18:20 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-22 21:05:08 UTC
CVE-2022-27404 (

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.

CVE-2022-27405 (

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.

CVE-2022-27406 (

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.

All fixes in 2.12.0
Comment 1 Larry the Git Cow gentoo-dev 2022-05-01 18:20:33 UTC
The bug has been referenced in the following commit(s):

commit bf92f3f25553793f14f04017295a1068df06c54c
Author:     Lars Wendler <>
AuthorDate: 2022-05-01 18:19:02 +0000
Commit:     Lars Wendler <>
CommitDate: 2022-05-01 18:20:21 +0000

    media-libs/freetype: Removed old
    Signed-off-by: Lars Wendler <>

 media-libs/freetype/Manifest               |   3 -
 media-libs/freetype/freetype-2.11.1.ebuild | 244 ---------------------------
 media-libs/freetype/freetype-2.12.0.ebuild | 258 -----------------------------
 3 files changed, 505 deletions(-)