CVSS: 6.8EPSS: 3%CPEs: 20EXPL: 1CVE-2014-9673 – freetype: integer signedness error in Mac_Read_POST_Resource() leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2014-9673
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Error de signo de enteros en la función Mac_Read_POST_Resource en base/ftobjs.c en FreeType anterior a 2.5.4 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una fuente Mac manipulada. An integer signedness flaw, leading to a heap-based buffer overflow, was found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=154 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html http://www.debian.org/security/2015/dsa-3188 http://www.mandriva.com/security/advisories?name=MDVSA-2015:055 http://www.oracle.com/technetwork/topics/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 2%CPEs: 22EXPL: 1CVE-2014-9667 – freetype: integer overflow in tt_face_load_font_dir() leading to out-of-bounds read
https://notcve.org/view.php?id=CVE-2014-9667
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. sfnt/ttload.c en FreeType anterior a 2.5.4 proceda con los cálculos de la longitud de offset sin restringir los valores, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y lectura fuera de rango) o posiblemnete tener otro impacto no especificado a través de una tabla SFNT manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=166 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 1CVE-2014-9675 – freetype: information leak in _bdf_add_property()
https://notcve.org/view.php?id=CVE-2014-9675
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. bdf/bdflib.c en FreeType anterior a 2.5.4 identifica los nombres de propiedades con solamente verificar que una subcadena inicial esté presente, lo que permite a atacantes remotos descubrir valores de punteros de la memoria dinámica y evadir el mecanismo de protección ASLR a través de una fuente BDF manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=151 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9657 – freetype: off-by-one buffer over-read in tt_face_load_hdmx()
https://notcve.org/view.php?id=CVE-2014-9657
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_hdmx en truetype/ttpload.c en FreeType anterior a 2.5.4 no establece un tamaño de registro mínimo, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente TrueType manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=195 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9664 – freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
https://notcve.org/view.php?id=CVE-2014-9664
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente Type42 manipulada, relacionado con type42/t42parse.c y type1/t1load.c. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=183 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •