Vulnerabilities > Freetype

DATE CVE VULNERABILITY TITLE RISK
2015-02-08 CVE-2014-9664 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
6.8
2015-02-08 CVE-2014-9663 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
7.5
2015-02-08 CVE-2014-9662 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.
7.5
2015-02-08 CVE-2014-9661 Remote vulnerability in FreeType Versions Prior to 2.5.4
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
7.5
2015-02-08 CVE-2014-9660 NULL Pointer Dereference vulnerability in multiple products
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
7.5
2015-02-08 CVE-2014-9659 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font.
7.5
2015-02-08 CVE-2014-9658 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2015-02-08 CVE-2014-9657 Out-of-bounds Read vulnerability in multiple products
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
7.5
2015-02-08 CVE-2014-9656 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
7.5
2014-03-18 CVE-2014-2241 Improper Input Validation vulnerability in multiple products
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
6.8