Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:23780
Version
2
Class
patch
ALTXid
156680
Language
Russian
Severity
NotAvailable
Title
DLA-185-1 update -- security update for freetype
Description
Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code. For the oldstable distribution (squeeze), these problems have been fixed in version 2.4.2-2.1+squeeze5. For the stable distribution (wheezy), these problems were fixed in version 2.4.9-1.1+deb7u1. -- Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
Family
unix
Platform
Debian GNU/kFreeBSD 6
Debian GNU/Linux 6
Product
freetype
Reference
VENDOR: DLA-185-1
Id:
DLA-185-1
Reference:
https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00022.html
CVE: CVE-2014-9656
Id:
CVE-2014-9656
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
Comment:
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=196 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9657
Id:
CVE-2014-9657
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9657
Comment:
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
125 (Out-of-bounds Read)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=195 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9658
Id:
CVE-2014-9658
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9658
Comment:
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
125 (Out-of-bounds Read)
References:
http://code.google.com/p/google-security-research/issues/detail?id=194 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c (CONFIRM)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9660
Id:
CVE-2014-9660
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9660
Comment:
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
476 (NULL Pointer Dereference)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=188 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9661
Id:
CVE-2014-9661
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9661
Comment:
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=187 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4 (CONFIRM)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html (MISC)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9663
Id:
CVE-2014-9663
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9663
Comment:
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=184 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9664
Id:
CVE-2014-9664
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9664
Comment:
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://code.google.com/p/google-security-research/issues/detail?id=183 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca (CONFIRM)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd (CONFIRM)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9665
Id:
CVE-2014-9665
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9665
Comment:
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81 (CONFIRM)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=168 (MISC)
USN-2510-1 (UBUNTU)
FEDORA-2015-2216 (FEDORA)
FEDORA-2015-2237 (FEDORA)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9666
Id:
CVE-2014-9666
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9666
Comment:
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
189 (Numeric Errors)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=167 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9667
Id:
CVE-2014-9667
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9667
Comment:
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://code.google.com/p/google-security-research/issues/detail?id=166 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891 (CONFIRM)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9669
Id:
CVE-2014-9669
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9669
Comment:
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
125 (Out-of-bounds Read)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=163 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9670
Id:
CVE-2014-9670
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9670
Comment:
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
189 (Numeric Errors)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=158 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9671
Id:
CVE-2014-9671
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9671
Comment:
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE:
CWE-Other ()
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=157 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9672
Id:
CVE-2014-9672
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9672
Comment:
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=155 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
MDVSA-2015:055 (MANDRIVA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
http://packetstormsecurity.com/files/134395/FreeType-2.5.3-Mac-FOND-Resource-Parsing-Out-Of-Bounds-Read-From-Stack.html (MISC)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9673
Id:
CVE-2014-9673
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9673
Comment:
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
http://code.google.com/p/google-security-research/issues/detail?id=154 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415 (CONFIRM)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9674
Id:
CVE-2014-9674
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9674
Comment:
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE:
CWE-Other ()
References:
http://code.google.com/p/google-security-research/issues/detail?id=153 (MISC)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3 (CONFIRM)
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e (CONFIRM)
USN-2510-1 (UBUNTU)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
DSA-3461 (DEBIAN)
72986 (BID)
GLSA-201503-05 (GENTOO)
CVE: CVE-2014-9675
Id:
CVE-2014-9675
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
Comment:
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE:
264 (Permissions, Privileges, and Access Controls)
References:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7 (CONFIRM)
http://code.google.com/p/google-security-research/issues/detail?id=151 (MISC)
USN-2510-1 (UBUNTU)
DSA-3188 (DEBIAN)
FEDORA-2015-2216 (FEDORA)
RHSA-2015:0696 (REDHAT)
MDVSA-2015:055 (MANDRIVA)
FEDORA-2015-2237 (FEDORA)
http://advisories.mageia.org/MGASA-2015-0083.html (CONFIRM)
openSUSE-SU-2015:0627 (SUSE)
USN-2739-1 (UBUNTU)
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (CONFIRM)
https://source.android.com/security/bulletin/2016-11-01.html (CONFIRM)
72986 (BID)
GLSA-201503-05 (GENTOO)