CVSS: 7.5EPSS: 3%CPEs: 12EXPL: 1CVE-2014-9659
https://notcve.org/view.php?id=CVE-2014-9659
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240. cff/cf2intrp.c en el interprete CFF CharString en FreeType anterior a 2.5.4 proceda con indicios (hints) adicionales después de que la mascara de indicios (hints) haya sido computado, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffere basado en pila) a través de una fuente OpenType manipulada. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-2240. • http://code.google.com/p/google-security-research/issues/detail?id=190 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.ubuntu.com/usn/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 10EXPL: 1CVE-2014-9665
https://notcve.org/view.php?id=CVE-2014-9665
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. La función Load_SBit_Png en sfnt/pngshim.c en FreeType anterior a 2.5.4 no restringe los valores de filas y tonos de los datos PNG, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de enteros y desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado mediante el embebido de un fichero PNG en un fichero de fuentes .ttf. • http://code.google.com/p/google-security-research/issues/detail?id=168 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-9658 – freetype: buffer over-read and integer underflow in tt_face_load_kern()
https://notcve.org/view.php?id=CVE-2014-9658
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. La función tt_face_load_kern en sfnt/ttkern.c en FreeType anterior a 2.5.4 fuerza una longitud de tabla mínima incorrecta, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una fuente TrueType manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=194 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 1CVE-2014-9662
https://notcve.org/view.php?id=CVE-2014-9662
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. cff/cf2ft.c en FreeType anterior a 2.5.4 no valida los valores de retorno de las funciones de la reserva de puntos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de una fuente OTF manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=185 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.securityfocus.com/bid/72986 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 1CVE-2014-9663 – freetype: out-of-bounds read in tt_cmap4_validate()
https://notcve.org/view.php?id=CVE-2014-9663
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. La función tt_cmap4_validate en sfnt/ttcmap.c en FreeType anterior a 2.5.4 valida cierto campo de longitud antes de que el valor de este campo está calculado completamente, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de una tabla SFNT cmap manipulada. • http://advisories.mageia.org/MGASA-2015-0083.html http://code.google.com/p/google-security-research/issues/detail?id=184 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://rhn.redhat.com/errata/RHSA-2015-0696.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •