CVSS: 9.1EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9658 – freetype: buffer over-read and integer underflow in tt_face_load_kern()
https://notcve.org/view.php?id=CVE-2014-9658
08 Feb 2015 — The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_kern en sfnt/ttkern.c en FreeType anterior a 2.5.4 fuerza una longitud de tabla mínima incorrecta, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro i... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 1CVE-2014-9659 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9659
08 Feb 2015 — cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. cff/cf2intrp.c en el interprete CFF CharString en FreeType anterior a 2.5.4 proceda con indicios (hints) adicionales después de que la mascara d... • http://code.google.com/p/google-security-research/issues/detail?id=190 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 24EXPL: 1CVE-2014-9660 – freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()
https://notcve.org/view.php?id=CVE-2014-9660
08 Feb 2015 — The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. La función _bdf_parse_glyphs en bdf/bdflib.c en FreeType anterior a 2.5.4 no maneja correctamente un registro ENDCHAR perdido, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) o posiblement... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 4%CPEs: 22EXPL: 2CVE-2014-9661 – freetype: out of bounds read in Type42 font parser
https://notcve.org/view.php?id=CVE-2014-9661
08 Feb 2015 — type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. type42/t42parse.c en FreeType anterior a 2.5.4 no considera que escaneo puede resultar incompleto sin provoca un error, lo que permite a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener otro im... • https://packetstorm.news/files/id/134396 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 11EXPL: 1CVE-2014-9662 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9662
08 Feb 2015 — cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. cff/cf2ft.c en FreeType anterior a 2.5.4 no valida los valores de retorno de las funciones de la reserva de puntos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente ... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9663 – freetype: out-of-bounds read in tt_cmap4_validate()
https://notcve.org/view.php?id=CVE-2014-9663
08 Feb 2015 — The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. La función tt_cmap4_validate en sfnt/ttcmap.c en FreeType anterior a 2.5.4 valida cierto campo de longitud antes de que el valor de este campo está calculado completamente, lo que permite a atacantes r... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9664 – freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
https://notcve.org/view.php?id=CVE-2014-9664
08 Feb 2015 — FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblem... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 10EXPL: 1CVE-2014-9665 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9665
08 Feb 2015 — The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. La función Load_SBit_Png en sfnt/pngshim.c en FreeType anterior a 2.5.4 no restringe los valores de filas y tonos de los datos PNG, lo que permite a atacantes remotos causar una denegación ... • http://code.google.com/p/google-security-research/issues/detail?id=168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9666 – Mandriva Linux Security Advisory 2015-055
https://notcve.org/view.php?id=CVE-2014-9666
08 Feb 2015 — The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. La función tt_sbit_decoder_init en sfnt/ttsbit.c en FreeType anterior a 2.5.4 proceda con una asociación de contar a tamaño (count-to-size) sin restringir el valor de la cuenta, lo qu... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 22EXPL: 1CVE-2014-9667 – freetype: integer overflow in tt_face_load_font_dir() leading to out-of-bounds read
https://notcve.org/view.php?id=CVE-2014-9667
08 Feb 2015 — sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. sfnt/ttload.c en FreeType anterior a 2.5.4 proceda con los cálculos de la longitud de offset sin restringir los valores, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y lectura fuer... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •