CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9664 – freetype: off-by-one buffer over-read in parse_charstrings() / t42_parse_charstrings()
https://notcve.org/view.php?id=CVE-2014-9664
08 Feb 2015 — FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. FreeType anterior a 2.5.4 no comprueba si hay un final de los datos durante ciertas acciones de análisis sintáctico, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblem... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 5%CPEs: 11EXPL: 1CVE-2014-9662 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9662
08 Feb 2015 — cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. cff/cf2ft.c en FreeType anterior a 2.5.4 no valida los valores de retorno de las funciones de la reserva de puntos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente ... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 4%CPEs: 20EXPL: 1CVE-2014-9673 – freetype: integer signedness error in Mac_Read_POST_Resource() leading to heap-based buffer overflow
https://notcve.org/view.php?id=CVE-2014-9673
08 Feb 2015 — Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. Error de signo de enteros en la función Mac_Read_POST_Resource en base/ftobjs.c en FreeType anterior a 2.5.4 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.8EPSS: 4%CPEs: 11EXPL: 1CVE-2014-9672 – Mandriva Linux Security Advisory 2015-055
https://notcve.org/view.php?id=CVE-2014-9672
08 Feb 2015 — Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. Error en el indice del array en la función parse_fond en base/ftmac.c en FreeType anterior a 2.5.4 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o obtener información sensible desde el proceso de la memoria a tr... • http://advisories.mageia.org/MGASA-2015-0083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 4%CPEs: 10EXPL: 1CVE-2014-9665 – Gentoo Linux Security Advisory 201503-05
https://notcve.org/view.php?id=CVE-2014-9665
08 Feb 2015 — The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. La función Load_SBit_Png en sfnt/pngshim.c en FreeType anterior a 2.5.4 no restringe los valores de filas y tonos de los datos PNG, lo que permite a atacantes remotos causar una denegación ... • http://code.google.com/p/google-security-research/issues/detail?id=168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 22EXPL: 2CVE-2014-9661 – freetype: out of bounds read in Type42 font parser
https://notcve.org/view.php?id=CVE-2014-9661
08 Feb 2015 — type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. type42/t42parse.c en FreeType anterior a 2.5.4 no considera que escaneo puede resultar incompleto sin provoca un error, lo que permite a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener otro im... • https://packetstorm.news/files/id/134396 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2015-0247 – Gentoo Linux Security Advisory 201701-06
https://notcve.org/view.php?id=CVE-2015-0247
06 Feb 2015 — Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. Desbordamiento de buffer basado en memoria dinámica en openfs.c en la libraría libext2fs en e2fsprogs anterior a 1.42.12 permite a usuarios locales ejecutar código arbitrario a través de datos manipulados del descriptor de grupos en bloque en una imagen del sistema de ficheros. The libext2fs library, part of e2... • http://advisories.mageia.org/MGASA-2015-0061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 58%CPEs: 8EXPL: 0CVE-2014-9636 – unzip: out-of-bounds read/write in test_compr_eb() in extract.c
https://notcve.org/view.php?id=CVE-2014-9636
03 Feb 2015 — unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. unzip 6.0 permite a atacantes remotos causar una denegación de servicio (lectura o escritura fuera de rango y caída) a través de un campo extra con un tamaño comprimido más pequeño que el tamaño del campo comprimido en un archivo zip que anuncia la compresión del m... • http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2015-0400 – Gentoo Linux Security Advisory 201603-14
https://notcve.org/view.php?id=CVE-2015-0400
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Libraries. Potential security vulnerabilities have been identified in the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) running on HP-UX. These vulnerabilities co... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •
CVSS: 10.0EPSS: 13%CPEs: 18EXPL: 0CVE-2014-6601 – OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
https://notcve.org/view.php?id=CVE-2014-6601
21 Jan 2015 — Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 6u85, 7u72, y 8u25 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted ... • http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 •