CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
90.4%
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
fedoraproject | fedora | 20 | cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:* |
fedoraproject | fedora | 21 | cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* |
oracle | solaris | 10.0 | cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:* |
oracle | solaris | 11.2 | cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:* |
redhat | enterprise_linux_desktop | 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_desktop | 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_hpc_node | 6 | cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:* |
advisories.mageia.org/MGASA-2015-0083.html
code.google.com/p/google-security-research/issues/detail?id=158
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
rhn.redhat.com/errata/RHSA-2015-0696.html
www.debian.org/security/2015/dsa-3188
www.mandriva.com/security/advisories?name=MDVSA-2015:055
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.securityfocus.com/bid/72986
www.ubuntu.com/usn/USN-2510-1
www.ubuntu.com/usn/USN-2739-1
security.gentoo.org/glsa/201503-05