Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2015-02-08 CVE-2014-9661 Remote vulnerability in FreeType Versions Prior to 2.5.4
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
7.5
2015-02-08 CVE-2014-9660 NULL Pointer Dereference vulnerability in multiple products
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
7.5
2015-02-08 CVE-2014-9658 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2015-02-08 CVE-2014-9657 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2015-02-08 CVE-2014-9656 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
7.5
2015-02-06 CVE-2014-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
5.0
2015-02-03 CVE-2015-1382 Improper Input Validation vulnerability in multiple products
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
network, low complexity; debian, privoxy, opensuse; CWE-20
5.0
2015-02-03 CVE-2015-1381 Resource Management Errors vulnerability in multiple products
Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors.
network, low complexity; opensuse, debian, privoxy; CWE-399
5.0
2015-01-26 CVE-2014-8158 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
6.8
2015-01-26 CVE-2014-8157 Numeric Errors vulnerability in multiple products
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
network, low complexity; opensuse, debian, redhat, jasper-project; CWE-189
7.5