CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2014-9746
https://notcve.org/view.php?id=CVE-2014-9746
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font. Las funciones (1) t1_parse_font_matrix en type1/t1load.c, (2) cid_parse_font_matrix en cid/cidload.c, (3) t42_parse_font_matrix en type42/t42parse.c y (4) ps_parser_load_field en psaux/psobjs.c en FreeType en versiones anteriores a 2.5.4 no verifican los valores de retorno, lo que permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no inicializada y caída de aplicación) o posiblemente tener otro impacto no especificado a través de una fuente manipulada. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 http://www.debian.org/security/2015/dsa-3370 http://www.openwall.com/lists/oss-security/2015/09/11/4 http://www.openwall.com/lists/oss-security/2015/09/25/4 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html https://savannah.nongnu.org/bugs/?41309 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9747
https://notcve.org/view.php?id=CVE-2014-9747
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. La función t42_parse_encoding en type42/t42parse.c en FreeType en versiones anteriores a 2.5.4 no actualiza adecuadamente la posición actual para el modo immediates-only lo que permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una fuente Type42. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1 http://www.debian.org/security/2015/dsa-3370 http://www.openwall.com/lists/oss-security/2015/09/11/4 http://www.openwall.com/lists/oss-security/2015/09/25/4 https://savannah.nongnu.org/bugs/?41309 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 6%CPEs: 7EXPL: 0CVE-2014-9745
https://notcve.org/view.php?id=CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. Vulnerabilidad en la función parse_encoding en type1/t1load.c en FreeType en versiones anteriores a 2.5.3, permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un 'broken number-with-base' en un stream Postscript, según lo demostrado por 8#garbage. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html http://savannah.nongnu.org/bugs/index.php?41590 http://www.debian.org/security/2015/dsa-3370 http://www.securityfocus.com/bid/76727 http://www.securitytracker.com/id/1033536 http://www.ubuntu.com/usn/USN-2739-1 https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124 https://code.google.com/p/chromium&# • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 1CVE-2014-9659
https://notcve.org/view.php?id=CVE-2014-9659
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. cff/cf2intrp.c en el interprete CFF CharString en FreeType anterior a 2.5.4 proceda con indicios (hints) adicionales después de que la mascara de indicios (hints) haya sido computado, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffere basado en pila) a través de una fuente OpenType manipulada. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2240. • http://code.google.com/p/google-security-research/issues/detail?id=190 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.ubuntu.com/usn/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9657 – freetype: off-by-one buffer over-read in tt_face_load_hdmx()
https://notcve.org/view.php?id=CVE-2014-9657
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_hdmx en truetype/ttpload.c en FreeType anterior a 2.5.4 no establece un tamaño de registro mínimo, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente TrueType manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=195 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •