CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-27404 – FreeType: Buffer overflow in sfnt_init_face
https://notcve.org/view.php?id=CVE-2022-27404
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Se ha detectado que el commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f de FreeType contenía un desbordamiento del búfer de la pila por medio de la función sfnt_init_face A heap buffer overflow flaw was found in Freetype’s sfnt_init_face() function in the sfobjs.c file. The vulnerability occurs when creating a face with a strange file and invalid index. This flaw allows an attacker to read a small amount of memory, causing the application to crash. • https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27405 – FreeType: Segmentation violation via FNT_Size_Request
https://notcve.org/view.php?id=CVE-2022-27405
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Se ha detectado que el commit 53dfdcd8198d2b3201a23c4bad9190519ba918db de FreeType contenía una violación de segmentación por medio de la función FNT_Size_Request A segmentation fault was found in the FreeType library. This flaw allows an attacker to attempt access to a memory location in a way that could cause an application to halt or crash, leading to a denial of service. • http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2022-27406 – Freetype: Segmentation violation via FT_Request_Size
https://notcve.org/view.php?id=CVE-2022-27406
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Se ha detectado que el commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 de FreeType contenía una violación de segmentación por medio de la función FT_Request_Size A segmentation fault was found in FreeType’s FT_Request_Size() function in the ftobjs.c file. This flaw allows an attacker to access a memory location in a way that could cause an application to halt or crash, leading to a denial of service. • http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-125: Out-of-bounds Read CWE-824: Access of Uninitialized Pointer •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-9383
https://notcve.org/view.php?id=CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. FreeType en versiones anteriores a la 2.6.2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en tt_cmap14_validate en sfnt/ttcmap.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html https://savannah.nongnu.org/bugs/?46346 https://usn.ubuntu.com/4126-1 https://usn.ubuntu.com/4126-2 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-9382 – freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read
https://notcve.org/view.php?id=CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. FreeType en versiones anteriores a la. 6.1 tiene una sobrelectura de búfer en skip_comment en psaux/psobjs.c porque ps_parser_skip_PS_token se controla incorrectamente en una operación FT_New_Memory_Face. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73 https://access.redhat.com/errata/RHSA-2019:4254 https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html https://savannah.nongnu.org/bugs/?45922 https://usn.ubuntu.com/4126-2 https://access.redhat.com/security/cve/CVE-2015-9382 https://bugzilla.redhat.com/show_bug.cgi?id=1763609 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •