CVE-2015-9382 – freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read
https://notcve.org/view.php?id=CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/psaux/psobjs.c?id=db5a4a9ae7b0048f033361744421da8569642f73
• https://access.redhat.com/errata/RHSA-2019:4254
• https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html
• https://savannah.nongnu.org/bugs/?45922
• https://usn.ubuntu.com/4126-2
• https://access.redhat.com/security/cve/CVE-2015-9382
• https://bugzilla.redhat.com/show_bug.cgi?id=1763609
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read

CVE-2015-9381 – freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash
https://notcve.org/view.php?id=CVE-2015-9381
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=7962a15d64c876870ca0ae435ea2467d9be268d9
• https://access.redhat.com/errata/RHSA-2019:4254
• https://lists.debian.org/debian-lts-announce/2019/09/msg00002.html
• https://savannah.nongnu.org/bugs/?45955
• https://usn.ubuntu.com/4126-2
• https://access.redhat.com/security/cve/CVE-2015-9381
• https://bugzilla.redhat.com/show_bug.cgi?id=1752788
• CWE-125: Out-of-bounds Read

CVE-2015-9290
https://notcve.org/view.php?id=CVE-2015-9290
In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c in the function T1_Get_Private_Dict, where there is no check that the new values of cur and limit are sensible before going to Again.
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/t1parse.c?id=e3058617f384cb6709f3878f753fa17aca9e3a30
• https://lists.debian.org/debian-lts-announce/2019/08/msg00019.html
• https://savannah.nongnu.org/bugs/?45923
• https://support.f5.com/csp/article/K38315305
• CWE-125: Out-of-bounds Read

CVE-2018-6942
https://notcve.org/view.php?id=CVE-2018-6942
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00054.html
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
• https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
• https://usn.ubuntu.com/3572-1
• https://www.oracle.com/security-alerts/cpuapr2020.html
• CWE-476: NULL Pointer Dereference

CVE-2017-8287
https://notcve.org/view.php?id=CVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
• http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
• http://www.debian.org/security/2017/dsa-3839
• http://www.securityfocus.com/bid/99091
• https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941
• https://security.gentoo.org/glsa/201706-14
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer