CVE-2007-3506
https://notcve.org/view.php?id=CVE-2007-3506
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." La función ft_bitmap_assure_buffer en src/base/ftbimap.c de FreeType 2.3.3 permite a atacantes remotos dependientes del contexto provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante vectores no especificados que implican fuentes de mapas de bits, relacionado con "fallo de sobrescritura de memoria de búfer". • http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18 http://savannah.nongnu.org/bugs/index.php?19536 http://secunia.com/advisories/25884 http://www.securityfocus.com/bid/24708 https://sourceforge.net/project/shownotes.php?group_id=3157&release_id=499970 •
CVE-2007-2754 – freetype integer overflow
https://notcve.org/view.php?id=CVE-2007-2754
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. Error de presencia de signo en entero en truetype/ttgload.c de Freetype 2.3.4 y versiones anteriores podría permitir a atacantes remotos ejecutar código de su elección mediante una imagen TTF manipulada con un valor n_points negativo, lo que conduce a un desbordamiento de entero y desbordamiento de búfer basado en montículo. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html http://osvdb.org/36509 http://secunia.com/advisories/25350 http://secunia.com/advisories • CWE-190: Integer Overflow or Wraparound •
CVE-2006-3467 – freetype: integer overflow vulnerability due to incomplete fix for CVE-2006-1861
https://notcve.org/view.php?id=CVE-2006-3467
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. Desbordamiento de entero en FreeType en versiones anteriores a 2.2 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un archivo PCF manipulado, según lo demostrado mediante el archivo de prueba Red Hat bad1.pcf, debido a una solución parcial de CVE-2006-1861. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21144 http://secunia.com/advisories/2 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2006-2661 – FreeType - '.TTF' File Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-2661
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. • https://www.exploit-db.com/exploits/27993 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http://secunia.com/advisories/21385 http://secunia.com/advisories/21701 http: • CWE-476: NULL Pointer Dereference •
CVE-2006-0747 – FreeType - '.TTF' File Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-0747
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. • https://www.exploit-db.com/exploits/27992 ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html http://secunia.com/advisories/20525 http://secunia.com/advisories/20591 http://secunia.com/advisories/20638 http://secunia.com/advisories/20791 http://secunia.com/advisories/21062 http://secunia.com/advisories/21135 http:/& • CWE-189: Numeric Errors •