Vulnerabilities > Fedoraproject > Fedora > 20

DATE CVE VULNERABILITY TITLE RISK

2015-02-08 CVE-2014-9657 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5

2015-02-08 CVE-2014-9656 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
7.5

2015-02-06 CVE-2014-9636 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
5.0

2015-02-03 CVE-2015-1463 Code vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
network
low complexity
clamav fedoraproject CWE-17
5.0

2015-02-03 CVE-2015-1462 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5

2015-02-03 CVE-2015-1461 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5

2015-02-03 CVE-2014-9328 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
network
low complexity
fedoraproject clamav CWE-119
7.5

2015-02-01 CVE-2014-8630 Command Injection vulnerability in multiple products
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
network
low complexity
mozilla fedoraproject CWE-77
6.5

2015-01-23 CVE-2014-9639 Local Denial of Service vulnerability in Vorbis Tools
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
network
low complexity
xiph fedoraproject opensuse
5.0

2015-01-23 CVE-2014-9638 Local Denial of Service vulnerability in Vorbis Tools
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
network
low complexity
fedoraproject opensuse xiph
5.0