Package "freetype"
Name: |
freetype
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- FreeType 2 demonstration programs
|
Latest version: |
2.4.8-1ubuntu2.7 |
Release: |
precise (12.04) |
Level: |
updates |
Repository: |
universe |
Links
Other versions of "freetype" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
freetype (2.4.8-1ubuntu2.2) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
multiple security issues
- debian/patches-freetype/CVE-2014-96xx/*.patch: backport a large
quantity of upstream commits to fix multiple security issues.
- CVE-2014-9656
- CVE-2014-9657
- CVE-2014-9658
- CVE-2014-9660
- CVE-2014-9661
- CVE-2014-9663
- CVE-2014-9664
- CVE-2014-9666
- CVE-2014-9667
- CVE-2014-9669
- CVE-2014-9670
- CVE-2014-9671
- CVE-2014-9672
- CVE-2014-9673
- CVE-2014-9674
- CVE-2014-9675
-- Marc Deslauriers <email address hidden> Tue, 24 Feb 2015 10:35:56 -0500
|
Source diff to previous version |
CVE-2014-9656 |
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remot |
CVE-2014-9657 |
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers |
CVE-2014-9658 |
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to |
CVE-2014-9660 |
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attack |
CVE-2014-9661 |
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attacke |
CVE-2014-9663 |
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely cal |
CVE-2014-9664 |
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of servi |
CVE-2014-9666 |
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count v |
CVE-2014-9667 |
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to caus |
CVE-2014-9669 |
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memor |
CVE-2014-9670 |
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a deni |
CVE-2014-9671 |
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (N |
CVE-2014-9672 |
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bo |
CVE-2014-9673 |
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial o |
CVE-2014-9674 |
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original v |
CVE-2014-9675 |
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers |
|
freetype (2.4.8-1ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via NULL
pointer dereference
- debian/patches-freetype/CVE-2012-5668.patch: reset props_size in case
of allocation error in src/bdf/bdflib.c.
- CVE-2012-5668
* SECURITY UPDATE: denial of service and possible code execution via heap
buffer over-read in BDF parsing
- debian/patches-freetype/CVE-2012-5669.patch: use correct array size
in src/bdf/bdflib.c.
- CVE-2012-5669
-- Marc Deslauriers <email address hidden> Fri, 11 Jan 2013 13:45:45 -0500
|
|
About
-
Send Feedback to @ubuntu_updates