10.04

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-08	CVE-2014-9668	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. network low complexity opensuse fedoraproject canonical freetype CWE-119	7.5
2015-02-08	CVE-2014-9667	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table. network debian canonical fedoraproject freetype opensuse redhat CWE-119	6.8
2015-02-08	CVE-2014-9666	Numeric Errors vulnerability in multiple products The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. network opensuse oracle canonical debian redhat fedoraproject freetype CWE-189	6.8
2015-02-08	CVE-2014-9665	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. network low complexity fedoraproject canonical freetype opensuse CWE-119	7.5
2015-02-08	CVE-2014-9664	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. network redhat debian opensuse canonical fedoraproject freetype oracle CWE-119	6.8
2015-02-08	CVE-2014-9663	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. network low complexity freetype debian opensuse fedoraproject oracle canonical redhat CWE-119	7.5
2015-02-08	CVE-2014-9662	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. network low complexity opensuse debian canonical fedoraproject freetype CWE-119	7.5
2015-02-08	CVE-2014-9661	Remote vulnerability in FreeType Versions Prior to 2.5.4 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. network low complexity canonical debian redhat freetype opensuse fedoraproject	7.5
2015-02-08	CVE-2014-9660	NULL Pointer Dereference vulnerability in multiple products The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. network low complexity opensuse canonical debian oracle fedoraproject redhat freetype CWE-476	7.5
2015-02-08	CVE-2014-9659	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. network low complexity oracle freetype fedoraproject opensuse canonical CWE-119	7.5