Latest CVE Feed
-
6.8
MEDIUMCVE-2014-9673
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.... Read more
- EPSS Score: %2.70
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
5.8
MEDIUMCVE-2014-9672
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font f... Read more
- EPSS Score: %1.93
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-9671
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node freetype +1 more products- EPSS Score: %2.72
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2014-9670
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file t... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %4.29
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2014-9669
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.78
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9668
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) ... Read more
- EPSS Score: %1.51
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2014-9667
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact ... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse enterprise_linux_hpc_node freetype +1 more products- EPSS Score: %1.71
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2014-9666
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read)... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.78
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9665
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have un... Read more
- EPSS Score: %2.17
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUMCVE-2014-9664
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to ty... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.13
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9663
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have ... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.90
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9662
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF fon... Read more
- EPSS Score: %2.74
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9661
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted T... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse enterprise_linux_hpc_node freetype +1 more products- EPSS Score: %4.86
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9660
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via ... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %3.56
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9659
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overfl... Read more
- EPSS Score: %2.85
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9658
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Tr... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.28
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9657
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus opensuse solaris enterprise_linux_hpc_node +2 more products- EPSS Score: %1.28
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGHCVE-2014-9656
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact vi... Read more
- EPSS Score: %1.79
- Published: Feb. 08, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-0072
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a secon... Read more
Affected Products : internet_explorer- EPSS Score: %88.55
- Published: Feb. 07, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-0871
Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
Affected Products : guestbook- EPSS Score: %0.25
- Published: Feb. 07, 2015
- Modified: Apr. 12, 2025