Page 18 of 90 results (0.012 seconds)

CVSS: 6.8EPSS: 62%CPEs: 1EXPL: 2

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un desbordamiento de entero y desbordamiento de búfer basado en montículo. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html http://osvdb.org/36509 http://secunia.com/advisories/25350 http://secunia.com/advisories&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. Desbordamiento de entero en FreeType en versiones anteriores a 2.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo PCF manipulado, según lo demostrado mediante el archivo de prueba Red Hat bad1.pcf, debido a una solución parcial de CVE-2006-1861. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21144 http://secunia.com/advisories/2 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 5.0EPSS: 9%CPEs: 6EXPL: 1

ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. • https://www.exploit-db.com/exploits/27993 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21385 http://secunia.com/advisories/21701 http:&#x • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 54%CPEs: 1EXPL: 1

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. • https://www.exploit-db.com/exploits/27992 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http:/& • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 0

Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20100 http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.c • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •