https://bugzilla.redhat.com/show_bug.cgi?id=1191094
Bug ID: 1191094
Summary: CVE-2014-9671 freetype: Off-by-one error in the
pcf_get_properties function in pcf/pcfread.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9671 to the following
issue:
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in
FreeType
before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted PCF file with a 0xffffffff
size
value that is improperly incremented.
http://code.google.com/p/google-security-research/issues/detail?id=157http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Kh2uxQYUM7&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191096
Bug ID: 1191096
Summary: CVE-2014-9673 freetype: Integer signedness error in
the Mac_Read_POST_Resource function in base/ftobjs.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9673 to the following
issue:
Integer signedness error in the Mac_Read_POST_Resource function in
base/ftobjs.c
in FreeType before 2.5.4 allows remote attackers to cause a denial of service
(heap-based buffer overflow) or possibly have unspecified other impact via a
crafted Mac font.
http://code.google.com/p/google-security-research/issues/detail?id=154http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252a...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=cE4QxwCKVN&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191093
Bug ID: 1191093
Summary: CVE-2014-9670 freetype: Multiple integer signedness
errors in the pcf_get_encodings function
inpcf/pcfread.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9670 to the following
issue:
Multiple integer signedness errors in the pcf_get_encodings function in
pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial
of service (integer overflow, NULL pointer dereference, and application crash)
via a crafted PCF file that specifies negative values for the first column and
first row.
http://code.google.com/p/google-security-research/issues/detail?id=158http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HvmsnCm2yW&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191092
Bug ID: 1191092
Summary: CVE-2014-9669 freetype: Multiple integer overflows in
sfnt/ttcmap.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9669 to the following
issue:
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow
remote attackers to cause a denial of service (out-of-bounds read or memory
corruption) or possibly have unspecified other impact via a crafted cmap SFNT
table.
http://code.google.com/p/google-security-research/issues/detail?id=163http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lbZKQCjzZ4&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191090
Bug ID: 1191090
Summary: CVE-2014-9667 freetype: integer overflow and
out-of-bounds read in sfnt/ttload.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9667 to the following
issue:
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations
without restricting the values, which allows remote attackers to cause a denial
of service (integer overflow and out-of-bounds read) or possibly have
unspecified other impact via a crafted SFNT table.
http://code.google.com/p/google-security-research/issues/detail?id=166http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zImGNf0ZHS&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191085
Bug ID: 1191085
Summary: CVE-2014-9663 freetype: out-of-bounds read in the
tt_cmap4_validate function in sfnt/ttcmap.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9663 to the following
issue:
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4
validates a certain length field before that field's value is completely
calculated, which allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly have unspecified other impact via a crafted
cmap SFNT table.
http://code.google.com/p/google-security-research/issues/detail?id=184http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RqfqmMYrge&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191082
Bug ID: 1191082
Summary: CVE-2014-9660 freetype: NULL pointer dereference in
the _bdf_parse_glyphs function in bdf/bdflib.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9660 to the following
issue:
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does
not
properly handle a missing ENDCHAR record, which allows remote attackers to
cause
a denial of service (NULL pointer dereference) or possibly have unspecified
other impact via a crafted BDF font.
http://code.google.com/p/google-security-research/issues/detail?id=188http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=934GUlEIr0&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1191080
Bug ID: 1191080
Summary: CVE-2014-9658 freetype: DoS in the tt_face_load_kern
function in sfnt/ttkern.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Common Vulnerabilities and Exposures assigned CVE-2014-9658 to the following
issue:
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4
enforces an incorrect minimum table length, which allows remote attackers to
cause a denial of service (out-of-bounds read) or possibly have unspecified
other impact via a crafted TrueType font.
http://code.google.com/p/google-security-research/issues/detail?id=194http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d93...
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NNjC60WFxk&a=cc_unsubscribe