Showing 1 - 5 of 5

CVE-2014-9656

Status Candidate

Overview

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Related Files

Mandriva Linux Security Advisory 2015-089: Posted Mar 30, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-089 - Updated freetype2 packages fix multiple security vulnerabilities.; tags | advisory, vulnerability; systems | linux, mandriva; advisories | CVE-2014-2240, CVE-2014-2241, CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9666, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675; SHA-256 | d9af0018e0e96e3e988540710f546c85f77672c5edfba6bb08db2d042cb23ace; Download | Favorite | View

Debian Security Advisory 3188-1: Posted Mar 16, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3188-1 - Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, debian; advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9666, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9675; SHA-256 | a20668f8db8083d4e55f9d72e09394b68908dfd1bbf6c65d7ed199563219642d; Download | Favorite | View

Gentoo Linux Security Advisory 201503-05: Posted Mar 9, 2015; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201503-5 - Multiple vulnerabilities have been found in FreeType, possibly resulting in Denial of Service. Versions less than 2.5.5 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667, CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675; SHA-256 | 18c20fc5dea96db94329999ec37cf2a66601bd49860954c458cb8846091c88e5; Download | Favorite | View

Mandriva Linux Security Advisory 2015-055: Posted Mar 4, 2015; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2015-055 - The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. Various other issues have also been addressed.; tags | advisory, remote, denial of service, overflow; systems | linux, mandriva; advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9666, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675; SHA-256 | ea5afe2e065748087b3505058fe600ae5ebe2dc2de3a8f9bd97dc15a6efff7e7; Download | Favorite | View

Ubuntu Security Notice USN-2510-1: Posted Feb 24, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2510-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.; tags | advisory, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667, CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675; SHA-256 | 004b239ee393759fc7cb311874d2950a7c617c30b47ea5eaf837e1aa8242e9ec; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2014-9656

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems