Page 2 of 105 results (0.051 seconds)

CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 1

08 Feb 2015 — cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. cff/cf2intrp.c en el interprete CFF CharString en FreeType anterior a 2.5.4 proceda con indicios (hints) adicionales después de que la mascara d... • http://code.google.com/p/google-security-research/issues/detail?id=190 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 3%CPEs: 23EXPL: 1

08 Feb 2015 — The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. La función Mac_Read_POST_Resource en base/ftobjs.c en FreeType anterior a 2.5.4 proceda con la suma de los valores de longitud sin validar los valores originales, lo que permite a a... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.8EPSS: 3%CPEs: 24EXPL: 1

08 Feb 2015 — The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. La función _bdf_parse_glyphs en bdf/bdflib.c en FreeType anterior a 2.5.4 no maneja correctamente un registro ENDCHAR perdido, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) o posiblement... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1

08 Feb 2015 — FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblem... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 5%CPEs: 24EXPL: 1

08 Feb 2015 — Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. Múltiples erroes de signo de enteros en la función pcf_get_encodings en pcf/pcfread.c en FreeType anterior a 2.5.4 permiten a atacantes remotos causar una denegación de servicio (desbordamien... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-189: Numeric Errors CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 3%CPEs: 22EXPL: 1

08 Feb 2015 — Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. Error de superación de límite (off-by-one) en la función pcf_get_properties en pcf/pcfread.c en FreeType anterior a 2.5.4 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-476: NULL Pointer Dereference •

CVSS: 9.1EPSS: 1%CPEs: 24EXPL: 1

08 Feb 2015 — The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_kern en sfnt/ttkern.c en FreeType anterior a 2.5.4 fuerza una longitud de tabla mínima incorrecta, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro i... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1

08 Feb 2015 — Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. Múltiples desbordamientos de enteros en sfnt/ttcmap.c en FreeType anterior a 2.5.4 permiten a atacantes remotos causar una denegación de servicio (lectura fuera de rango o corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una tabla SFNT cmap... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1

08 Feb 2015 — The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_hdmx en truetype/ttpload.c en FreeType anterior a 2.5.4 no establece un tamaño de registro mínimo, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otr... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

03 Feb 2015 — jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. jcc.c en Privoxy anterior a 3.0.23 permite a atacantes remotos causar una denegación de servicio (abortar) a través de un cuerpo de fragmentos codificados. • http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup • CWE-20: Improper Input Validation •