
CVSS: 7.8 • EPSS: 1% • CPEs: 2 • EXPL: 1

The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.

References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
http://www.debian.org/security/2017/dsa-3839
http://www.securityfocus.com/bid/97405
http://www.securitytracker.com/id/1038090
http://www.securitytracker.com/id/1038201
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
https://security.gentoo.org/glsa/201706-14
https://source.android.com/security/bulletin/2017-04-01
https://www.oracle.com/security-alerts/cpuapr2020.html

CWE-125: Out-of-bounds Read

CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.

References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/src/type42/t42parse.c?id=8b281f83e8516535756f92dbf90940ac44bd45e1
http://www.debian.org/security/2015/dsa-3370
http://www.openwall.com/lists/oss-security/2015/09/11/4
http://www.openwall.com/lists/oss-security/2015/09/25/4
https://savannah.nongnu.org/bugs/?41309

CWE-399: Resource Management Errors

CVSS: 9.8 • EPSS: 2% • CPEs: 3 • EXPL: 0

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1
http://www.debian.org/security/2015/dsa-3370
http://www.openwall.com/lists/oss-security/2015/09/11/4
http://www.openwall.com/lists/oss-security/2015/09/25/4
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://savannah.nongnu.org/bugs/?41309

CWE-20: Improper Input Validation

CVSS: 5.0 • EPSS: 6% • CPEs: 7 • EXPL: 0

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75
http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html
http://savannah.nongnu.org/bugs/index.php?41590
http://www.debian.org/security/2015/dsa-3370
http://www.securityfocus.com/bid/76727
http://www.securitytracker.com/id/1033536
http://www.ubuntu.com/usn/USN-2739-1
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124
https://code.google.com/p/chromium&#

CWE-399: Resource Management Errors

CVSS: 6.8 • EPSS: 2% • CPEs: 24 • EXPL: 1

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

References:
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=167
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.debian.org/security/2015/dsa-3188
http

CWE-189: Numeric Errors