June 2015 - fonts-bugs - Fedora Mailing-Lists

[Bug 1191094] New: CVE-2014-9671 freetype: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191094 Bug ID: 1191094 Summary: CVE-2014-9671 freetype: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9671 to the following issue: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. http://code.google.com/p/google-security-research/issues/detail?id=157 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Kh2uxQYUM7&a=cc_unsubscribe

8 years, 5 months

1
14
0 / 0

[Bug 1191096] New: CVE-2014-9673 freetype: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191096 Bug ID: 1191096 Summary: CVE-2014-9673 freetype: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9673 to the following issue: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. http://code.google.com/p/google-security-research/issues/detail?id=154 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252a... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=cE4QxwCKVN&a=cc_unsubscribe

8 years, 5 months

1
12
0 / 0

[Bug 1191093] New: CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191093 Bug ID: 1191093 Summary: CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9670 to the following issue: Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. http://code.google.com/p/google-security-research/issues/detail?id=158 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HvmsnCm2yW&a=cc_unsubscribe

8 years, 5 months

1
15
0 / 0

[Bug 1191092] New: CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191092 Bug ID: 1191092 Summary: CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9669 to the following issue: Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. http://code.google.com/p/google-security-research/issues/detail?id=163 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lbZKQCjzZ4&a=cc_unsubscribe

8 years, 5 months

1
16
0 / 0

[Bug 1191090] New: CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191090 Bug ID: 1191090 Summary: CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9667 to the following issue: sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. http://code.google.com/p/google-security-research/issues/detail?id=166 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zImGNf0ZHS&a=cc_unsubscribe

8 years, 5 months

1
16
0 / 0

[Bug 1191086] New: CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191086 Bug ID: 1191086 Summary: CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9664 to the following issue: FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. http://code.google.com/p/google-security-research/issues/detail?id=183 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f... http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd8971... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=f9GfIaQbWS&a=cc_unsubscribe

8 years, 5 months

1
15
0 / 0

[Bug 1191085] New: CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191085 Bug ID: 1191085 Summary: CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9663 to the following issue: The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. http://code.google.com/p/google-security-research/issues/detail?id=184 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RqfqmMYrge&a=cc_unsubscribe

8 years, 5 months

1
15
0 / 0

[Bug 1191083] New: CVE-2014-9661 freetype: use-after-free in type42/t42parse.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191083 Bug ID: 1191083 Summary: CVE-2014-9661 freetype: use-after-free in type42/t42parse.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9661 to the following issue: type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. http://code.google.com/p/google-security-research/issues/detail?id=187 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=378818... http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=1QWIwOVd3E&a=cc_unsubscribe

8 years, 5 months

1
15
0 / 0

[Bug 1191082] New: CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191082 Bug ID: 1191082 Summary: CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9660 to the following issue: The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. http://code.google.com/p/google-security-research/issues/detail?id=188 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=934GUlEIr0&a=cc_unsubscribe

8 years, 5 months

1
16
0 / 0

[Bug 1191080] New: CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1191080 Bug ID: 1191080 Summary: CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com Common Vulnerabilities and Exposures assigned CVE-2014-9658 to the following issue: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. http://code.google.com/p/google-security-research/issues/detail?id=194 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d93... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NNjC60WFxk&a=cc_unsubscribe

8 years, 5 months

1
16
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs June 2015