High

DATE	CVE	VULNERABILITY TITLE	RISK
2015-03-20	CVE-2015-1802	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file. network x canonical debian CWE-119	8.5
2015-03-09	CVE-2015-2238	Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. network low complexity canonical google	7.5
2015-02-25	CVE-2015-0823	Use After Free Denial of Service vulnerability in Mozilla Firefox Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_parse function. network low complexity canonical opentype-sanitiser-project mozilla opensuse	7.5
2015-02-23	CVE-2015-1315	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. network low complexity canonical info-zip CWE-119	7.5
2015-02-08	CVE-2014-9674	Remote vulnerability in FreeType Versions Prior to 2.5.4 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font. network low complexity canonical oracle fedoraproject redhat opensuse freetype	7.5
2015-02-08	CVE-2014-9668	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file. network low complexity opensuse fedoraproject canonical freetype CWE-119	7.5
2015-02-08	CVE-2014-9665	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file. network low complexity fedoraproject canonical freetype opensuse CWE-119	7.5
2015-02-08	CVE-2014-9663	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. network low complexity freetype debian opensuse fedoraproject oracle canonical redhat CWE-119	7.5
2015-02-08	CVE-2014-9662	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font. network low complexity opensuse debian canonical fedoraproject freetype CWE-119	7.5
2015-02-08	CVE-2014-9661	Remote vulnerability in FreeType Versions Prior to 2.5.4 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font. network low complexity canonical debian redhat freetype opensuse fedoraproject	7.5