Page 15 of 190 results (0.013 seconds)

CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 1

CVE-2014-9656

https://notcve.org/view.php?id=CVE-2014-9656

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. La función tt_sbit_decoder_load_image en sfnt/ttsbit.c en FreeType anterior a 2.5.4 no comprueba correctamente si hay un desbordamiento de enteros, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente OpenType manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=196 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.debian.org/security/2015/dsa-3188 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1

CVE-2014-9657 – freetype: off-by-one buffer over-read in tt_face_load_hdmx()

https://notcve.org/view.php?id=CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_hdmx en truetype/ttpload.c en FreeType anterior a 2.5.4 no establece un tamaño de registro mínimo, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente TrueType manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=195 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1

CVE-2014-9664 – freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()

https://notcve.org/view.php?id=CVE-2014-9664

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente Type42 manipulada, relacionado con type42/t42parse.c y type1/t1load.c. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=183 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 1

CVE-2014-9668

https://notcve.org/view.php?id=CVE-2014-9668

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. La función woff_open_font en sfnt/sfobjs.c en FreeType anterior a 2.5.4 proceda con los cálculos de desplazamiento más longitud (offset+length) sin restringir los valores de longitud, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de un fichero Web Open Font Format (WOFF) manipulado. • http://code.google.com/p/google-security-research/issues/detail?id=164 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.securityfocus.com/bid/72986 http://www.ubuntu.com/usn/USN-2510-1 http://www.ubunt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 2%CPEs: 23EXPL: 1

CVE-2014-9674 – freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows

https://notcve.org/view.php?id=CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. La función Mac_Read_POST_Resource en base/ftobjs.c en FreeType anterior a 2.5.4 proceda con la suma de los valores de longitud sin validar los valores originales, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una fuente Mac manipulada. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=153 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse& • CWE-122: Heap-based Buffer Overflow •