10.0

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-08	CVE-2014-9664	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. network redhat debian opensuse canonical fedoraproject freetype oracle CWE-119	6.8
2015-02-08	CVE-2014-9663	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table. network low complexity freetype debian opensuse fedoraproject oracle canonical redhat CWE-119	7.5
2015-02-08	CVE-2014-9660	NULL Pointer Dereference vulnerability in multiple products The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. network low complexity opensuse canonical debian oracle fedoraproject redhat freetype CWE-476	7.5
2015-02-08	CVE-2014-9659	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. network low complexity oracle freetype fedoraproject opensuse canonical CWE-119	7.5
2015-02-08	CVE-2014-9658	Out-of-bounds Read vulnerability in multiple products The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. network low complexity oracle canonical fedoraproject freetype debian opensuse redhat CWE-125	7.5
2015-02-08	CVE-2014-9657	Out-of-bounds Read vulnerability in multiple products The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. network low complexity opensuse redhat oracle fedoraproject freetype debian canonical CWE-125	7.5
2015-01-21	CVE-2015-1038	Link Following vulnerability in multiple products p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. network fedoraproject oracle 7-zip CWE-59	5.8
2011-10-18	CVE-2011-2313	Local Solaris vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311. local low complexity oracle sun	4.3