CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
• http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
• http://lists.apple.com/archives/security-announce/2009/May/msg
• CWE-190: Integer Overflow or Wraparound

CVE-2008-1808 – FreeType off-by-one flaws
https://notcve.org/view.php?id=CVE-2008-1808
Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
• http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
• http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
• http://secunia.com/advisories/30600
• http://secunia&
• CWE-189: Numeric Errors
• CWE-193: Off-by-one Error

CVE-2008-1807 – FreeType invalid free() flaw
https://notcve.org/view.php?id=CVE-2008-1807
FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via an invalid "number of axes" field in a Printer Font Binary (PFB) file, which triggers a free of arbitrary memory locations, leading to memory corruption.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
• http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
• http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
• http://secunia.com/advisories/30600
• http://secunia&
• CWE-189: Numeric Errors

CVE-2008-1806 – FreeType PFB integer overflow
https://notcve.org/view.php?id=CVE-2008-1806
Integer overflow in FreeType2 before 2.3.6 allows context-dependent attackers to execute arbitrary code via a crafted set of 16-bit length values within the Private dictionary table in a Printer Font Binary (PFB) file, which triggers a heap-based buffer overflow.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html
• http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html
• http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html
• http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
• http://secunia.com/advisories/30600
• http://secunia&
• CWE-189: Numeric Errors
• CWE-190: Integer Overflow or Wraparound

CVE-2007-3506
https://notcve.org/view.php?id=CVE-2007-3506
The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."
• http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18
• http://savannah.nongnu.org/bugs/index.php?19536
• http://secunia.com/advisories/25884
• http://www.securityfocus.com/bid/24708
• https://sourceforge.net/project/shownotes.php?group_id=3157&release_id=499970