CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9666 – Mandriva Linux Security Advisory 2015-055
https://notcve.org/view.php?id=CVE-2014-9666
08 Feb 2015 — The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. La función tt_sbit_decoder_init en sfnt/ttsbit.c en FreeType anterior a 2.5.4 proceda con una asociación de contar a tamaño (count-to-size) sin restringir el valor de la cuenta, lo qu... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 1CVE-2014-9656 – Mandriva Linux Security Advisory 2015-055
https://notcve.org/view.php?id=CVE-2014-9656
08 Feb 2015 — The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. La función tt_sbit_decoder_load_image en sfnt/ttsbit.c en FreeType anterior a 2.5.4 no comprueba correctamente si hay un desbordamiento de enteros, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuer... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9658 – freetype: buffer over-read and integer underflow in tt_face_load_kern()
https://notcve.org/view.php?id=CVE-2014-9658
08 Feb 2015 — The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_kern en sfnt/ttkern.c en FreeType anterior a 2.5.4 fuerza una longitud de tabla mínima incorrecta, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro i... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 5%CPEs: 10EXPL: 1CVE-2014-9668 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9668
08 Feb 2015 — The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. La función woff_open_font en sfnt/sfobjs.c en FreeType anterior a 2.5.4 proceda con los cálculos de desplazamiento más longitud (offset+length) sin restringir los valo... • http://code.google.com/p/google-security-research/issues/detail?id=164 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 10EXPL: 1CVE-2014-9665 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9665
08 Feb 2015 — The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. La función Load_SBit_Png en sfnt/pngshim.c en FreeType anterior a 2.5.4 no restringe los valores de filas y tonos de los datos PNG, lo que permite a atacantes remotos causar una denegación ... • http://code.google.com/p/google-security-research/issues/detail?id=168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 22EXPL: 2CVE-2014-9661 – freetype: out of bounds read in Type42 font parser
https://notcve.org/view.php?id=CVE-2014-9661
08 Feb 2015 — type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. type42/t42parse.c en FreeType anterior a 2.5.4 no considera que escaneo puede resultar incompleto sin provoca un error, lo que permite a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener otro im... • https://packetstorm.news/files/id/134396 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 1CVE-2014-9663 – freetype: out-of-bounds read in tt_cmap4_validate()
https://notcve.org/view.php?id=CVE-2014-9663
08 Feb 2015 — The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. La función tt_cmap4_validate en sfnt/ttcmap.c en FreeType anterior a 2.5.4 valida cierto campo de longitud antes de que el valor de este campo está calculado completamente, lo que permite a atacantes r... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9664 – freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
https://notcve.org/view.php?id=CVE-2014-9664
08 Feb 2015 — FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblem... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 2%CPEs: 22EXPL: 1CVE-2014-9671 – freetype: integer overflow in pcf_get_properties() leading to NULL pointer dereference
https://notcve.org/view.php?id=CVE-2014-9671
08 Feb 2015 — Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. Error de superación de límite (off-by-one) en la función pcf_get_properties en pcf/pcfread.c en FreeType anterior a 2.5.4 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 2%CPEs: 23EXPL: 1CVE-2014-9674 – freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows
https://notcve.org/view.php?id=CVE-2014-9674
08 Feb 2015 — The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. La función Mac_Read_POST_Resource en base/ftobjs.c en FreeType anterior a 2.5.4 proceda con la suma de los valores de longitud sin validar los valores originales, lo que permite a a... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-122: Heap-based Buffer Overflow •