CVE-2007-2754 – freetype integer overflow
https://notcve.org/view.php?id=CVE-2007-2754
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un desbordamiento de entero y desbordamiento de búfer basado en montículo. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html http://osvdb.org/36509 http://secunia.com/advisories/25350 http://secunia.com/advisories • CWE-190: Integer Overflow or Wraparound •
CVE-2006-3467 – freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861
https://notcve.org/view.php?id=CVE-2006-3467
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. Desbordamiento de entero en FreeType en versiones anteriores a 2.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo PCF manipulado, según lo demostrado mediante el archivo de prueba Red Hat bad1.pcf, debido a una solución parcial de CVE-2006-1861. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21144 http://secunia.com/advisories/2 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2006-2661 – FreeType - '.TTF' File Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-2661
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. • https://www.exploit-db.com/exploits/27993 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21385 http://secunia.com/advisories/21701 http: • CWE-476: NULL Pointer Dereference •
CVE-2006-0747 – FreeType - '.TTF' File Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0747
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. • https://www.exploit-db.com/exploits/27992 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http:/& • CWE-189: Numeric Errors •
CVE-2006-1861 – freetype: multiple integer overflow vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1861
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20100 http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.c • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •