Bugs fixes in "freetype"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2014-9667 | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to caus | 2015-03-30 |
| CVE | CVE-2014-9666 | The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count v | 2015-03-30 |
| CVE | CVE-2014-9665 | The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote at | 2015-03-30 |
| CVE | CVE-2014-9664 | FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of servi | 2015-03-30 |
| CVE | CVE-2014-9663 | The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely cal | 2015-03-30 |
| CVE | CVE-2014-9662 | cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a deni | 2015-03-30 |
| CVE | CVE-2014-9661 | type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attacke | 2015-03-30 |
| CVE | CVE-2014-9660 | The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attack | 2015-03-30 |
| CVE | CVE-2014-9659 | cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which | 2015-03-30 |
| CVE | CVE-2014-9658 | The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to | 2015-03-30 |
| CVE | CVE-2014-9657 | The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers | 2015-03-30 |
| CVE | CVE-2014-9656 | The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remot | 2015-03-30 |
| CVE | CVE-2014-9675 | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers | 2015-02-24 |
| CVE | CVE-2014-9674 | The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original v | 2015-02-24 |
| CVE | CVE-2014-9673 | Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial o | 2015-02-24 |
| CVE | CVE-2014-9672 | Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bo | 2015-02-24 |
| CVE | CVE-2014-9671 | Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (N | 2015-02-24 |
| CVE | CVE-2014-9670 | Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a deni | 2015-02-24 |
| CVE | CVE-2014-9669 | Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memor | 2015-02-24 |
| CVE | CVE-2014-9667 | sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to caus | 2015-02-24 |
About
-
Send Feedback to @ubuntu_updates
