It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).
It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).
It was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:089.
# The text itself is copyright (C) Mandriva S.A.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(82342);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2015/03/30 13:59:00 $");

  script_cve_id("CVE-2014-2240", "CVE-2014-2241", "CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9658", "CVE-2014-9660", "CVE-2014-9661", "CVE-2014-9662", "CVE-2014-9663", "CVE-2014-9664", "CVE-2014-9666", "CVE-2014-9667", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9671", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9674", "CVE-2014-9675");
  script_xref(name:"MDVSA", value:"2015:089");

  script_name(english:"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated freetype2 packages fix security vulnerabilities :
It was reported that Freetype before 2.5.3 suffers from an
out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in
the CFF rasterizing code, which could lead to a buffer overflow
(CVE-2014-2240).
It was also reported that Freetype before 2.5.3 has a
denial-of-service vulnerability in the CFF rasterizing code, due to a
reachable assertion (CVE-2014-2241).
It was reported that Freetype before 2.5.4 suffers from an
out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in
the CFF rasterizing code, which could lead to a buffer overflow. This
is due to an incomplete fix for CVE-2014-2240.
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType
before 2.5.4 does not properly check for an integer overflow, which
allows remote attackers to cause a denial of service (out-of-bounds
read) or possibly have unspecified other impact via a crafted OpenType
font (CVE-2014-9656).
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType
before 2.5.4 does not establish a minimum record size, which allows
remote attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted TrueType font
(CVE-2014-9657).
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before
2.5.4 enforces an incorrect minimum table length, which allows remote
attackers to cause a denial of service (out-of-bounds read) or
possibly have unspecified other impact via a crafted TrueType font
(CVE-2014-9658).
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before
2.5.4 does not properly handle a missing ENDCHAR record, which allows
remote attackers to cause a denial of service (NULL pointer
dereference) or possibly have unspecified other impact via a crafted
BDF font (CVE-2014-9660).
type42/t42parse.c in FreeType before 2.5.4 does not consider that
scanning can be incomplete without triggering an error, which allows
remote attackers to cause a denial of service (use-after-free) or
possibly have unspecified other impact via a crafted Type42 font
(CVE-2014-9661).
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return
values of point-allocation functions, which allows remote attackers to
cause a denial of service (heap-based buffer overflow) or possibly
have unspecified other impact via a crafted OTF font (CVE-2014-9662).
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before
2.5.4 validates a certain length field before that field's value is
completely calculated, which allows remote attackers to cause a denial
of service (out-of-bounds read) or possibly have unspecified other
impact via a crafted cmap SFNT table (CVE-2014-9663).
FreeType before 2.5.4 does not check for the end of the data during
certain parsing actions, which allows remote attackers to cause a
denial of service (out-of-bounds read) or possibly have unspecified
other impact via a crafted Type42 font, related to type42/t42parse.c
and type1/t1load.c (CVE-2014-9664).
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before
2.5.4 proceeds with a count-to-size association without restricting
the count value, which allows remote attackers to cause a denial of
service (integer overflow and out-of-bounds read) or possibly have
unspecified other impact via a crafted embedded bitmap
(CVE-2014-9666).
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length
calculations without restricting the values, which allows remote
attackers to cause a denial of service (integer overflow and
out-of-bounds read) or possibly have unspecified other impact via a
crafted SFNT table (CVE-2014-9667).
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4
allow remote attackers to cause a denial of service (out-of-bounds
read or memory corruption) or possibly have unspecified other impact
via a crafted cmap SFNT table (CVE-2014-9669).
Multiple integer signedness errors in the pcf_get_encodings function
in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to
cause a denial of service (integer overflow, NULL pointer dereference,
and application crash) via a crafted PCF file that specifies negative
values for the first column and first row (CVE-2014-9670).
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c
in FreeType before 2.5.4 allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
PCF file with a 0xffffffff size value that is improperly incremented
(CVE-2014-9671).
Array index error in the parse_fond function in base/ftmac.c in
FreeType before 2.5.4 allows remote attackers to cause a denial of
service (out-of-bounds read) or obtain sensitive information from
process memory via a crafted FOND resource in a Mac font file
(CVE-2014-9672).
Integer signedness error in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to
cause a denial of service (heap-based buffer overflow) or possibly
have unspecified other impact via a crafted Mac font (CVE-2014-9673).
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType
before 2.5.4 proceeds with adding to length values without validating
the original values, which allows remote attackers to cause a denial
of service (integer overflow and heap-based buffer overflow) or
possibly have unspecified other impact via a crafted Mac font
(CVE-2014-9674).
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by
only verifying that an initial substring is present, which allows
remote attackers to discover heap pointer values and bypass the ASLR
protection mechanism via a crafted BDF font (CVE-2014-9675)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0130.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0526.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2015-0083.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:freetype2-demos");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Stop unless local checks are enabled, the host is Mandriva, and an RPM list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86 architectures are handled by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Compare each installed package against the fixed build from the advisory.
flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"freetype2-demos-2.5.0.1-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64freetype6-2.5.0.1-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64freetype6-devel-2.5.0.1-5.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2")) flag++;

# Report when at least one package was flagged; otherwise audit the host as not affected.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"published": "2015-03-30T00:00:00", "id": "MANDRIVA_MDVSA-2015-089.NASL", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [{"differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:00", "bulletin": {"enchantments": {}, "published": "2015-03-30T00:00:00", "id": "MANDRIVA_MDVSA-2015-089.NASL", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "cpe": [], "hash": "fc1b7e75561bf023086a7b18f9280ed89fb8d4e8803136111ebbd76bea1713d3", "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. 
This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of 
service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the 
parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "type": "nessus", "pluginID": "82342", "lastseen": "2016-09-26T17:25:00", "edition": 1, "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "modified": "2015-03-30T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "naslFamily": "Mandriva Local 
Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:59:00 $\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. 
This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote 
attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly 
incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "5db382f57aba45f3bf3985fdce45b02e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "objectVersion": "1.2"}}], "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. 
This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of 
service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the 
parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "hash": "2c6a2d7cb9ed09fc4939efb0d20cb7e36cb95aecf5a091916f0990ec081d680d", "enchantments": {"vulnersScore": 6.8}, "type": "nessus", "pluginID": "82342", "lastseen": "2017-10-29T13:39:29", "edition": 2, "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "modified": "2015-03-30T00:00:00", "bulletinFamily": "scanner", "viewCount": 0, "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", 
"CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "naslFamily": "Mandriva Local Security Checks", "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:59:00 $\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service 
vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4 enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based 
buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row 
(CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif 
(rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "ddaeccb942bcbb037e7facb0ae6d2b5e", "key": "cpe"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "5db382f57aba45f3bf3985fdce45b02e", "key": "sourceData"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "objectVersion": "1.3"}
{"result": {"cve": [{"id": "CVE-2014-9656", "type": "cve", "title": "CVE-2014-9656", "description": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "published": "2015-02-08T06:59:15", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9656", "cvelist": ["CVE-2014-9656"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9657", "type": "cve", "title": "CVE-2014-9657", "description": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "published": "2015-02-08T06:59:19", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9657", "cvelist": ["CVE-2014-9657"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9675", "type": "cve", "title": "CVE-2014-9675", "description": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "published": "2015-02-08T06:59:36", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9675", "cvelist": ["CVE-2014-9675"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9664", "type": "cve", "title": "CVE-2014-9664", "description": "FreeType before 2.5.4 does not check for the 
end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.", "published": "2015-02-08T06:59:26", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9664", "cvelist": ["CVE-2014-9664"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9660", "type": "cve", "title": "CVE-2014-9660", "description": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "published": "2015-02-08T06:59:22", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9660", "cvelist": ["CVE-2014-9660"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9666", "type": "cve", "title": "CVE-2014-9666", "description": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "published": "2015-02-08T06:59:28", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9666", "cvelist": ["CVE-2014-9666"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9671", "type": "cve", "title": "CVE-2014-9671", "description": "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType 
before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.", "published": "2015-02-08T06:59:32", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9671", "cvelist": ["CVE-2014-9671"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-2241", "type": "cve", "title": "CVE-2014-2241", "description": "The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.", "published": "2014-03-18T13:04:18", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241", "cvelist": ["CVE-2014-2241"], "lastseen": "2016-09-03T20:12:18"}, {"id": "CVE-2014-9658", "type": "cve", "title": "CVE-2014-9658", "description": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "published": "2015-02-08T06:59:20", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9658", "cvelist": ["CVE-2014-9658"], "lastseen": "2017-07-01T10:43:13"}, {"id": "CVE-2014-9674", "type": "cve", "title": "CVE-2014-9674", "description": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to 
cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "published": "2015-02-08T06:59:35", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9674", "cvelist": ["CVE-2014-9674"], "lastseen": "2017-07-01T10:43:13"}], "f5": [{"id": "SOL16380", "type": "f5", "title": "SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate these vulnerabilities by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. 
The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate these vulnerabilities, you should permit access to the ARX device only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-04-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16380.html", "cvelist": ["CVE-2014-9656", "CVE-2014-9659", "CVE-2014-2240"], "lastseen": "2016-11-09T00:10:00"}, {"id": "F5:K16900", "type": "f5", "title": "Multiple FreeType vulnerabilities", "description": "\nF5 Product Development has assigned ID 531568 (BIG-IP), ID 531740 (BIG-IQ and Enterprise Manager), and ID 513595 (ARX) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16900 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerabilities, and for information about releases or hotfixes that address the vulnerabilities, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP DNS| 12.0.0| 12.1.0| Low1| FreeType package \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nARX| 6.0.0 - 6.4.0| None| Medium| FreeType library \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low1| FreeType package \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ 
Security| 4.0.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ ADC| 4.5.0| None| Low1| FreeType package \nBIG-IQ Centralized Management| 4.6.0| None| Low1| FreeType package \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low1| FreeType package \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity **value. Security Advisory articles published before this date do not list a** Severity** value.\n\n1The FreeType package exists on the BIG-IP system but is not used in a way that exposes this vulnerability.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2015-07-10T01:14:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K16900", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-06-08T06:18:14"}], "nessus": [{"id": "FEDORA_2015-2216.NASL", "type": "nessus", "title": "Fedora 20 : freetype-2.5.0-9.fc20 (2015-2216)", "description": "This update fixes several security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81429", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:35:53"}, {"id": "OPENSUSE-2015-274.NASL", "type": "nessus", "title": "openSUSE Security Update : freetype2 (openSUSE-2015-274)", "description": "freetype2 was updated to fix various vulnerabilities that could lead to crashes or potentially code execution when parsing fonts.", "published": "2015-03-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82461", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:35:18"}, {"id": "SUSE_11_FREETYPE2-201503-150302.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : freetype2 (SAT Patch Number 10386)", "description": "The font rendering library freetype2 has been updated to fix various security issues.", "published": "2015-03-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81752", "cvelist": ["CVE-2014-9656", 
"CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:35:22"}, {"id": "DEBIAN_DSA-3188.NASL", "type": "nessus", "title": "Debian DSA-3188-1 : freetype - security update", "description": "Mateusz Jurczyk discovered multiple vulnerabilities in Freetype.\nOpening malformed fonts may result in denial of service or the execution of arbitrary code.", "published": "2015-03-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81832", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-10-29T13:39:09"}, {"id": "DEBIAN_DLA-185.NASL", "type": "nessus", "title": "Debian DLA-185-1 : freetype security update", "description": "Mateusz Jurczyk discovered multiple vulnerabilities in Freetype.\nOpening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 2.4.2-2.1+squeeze5.\n\nFor the stable distribution (wheezy), these problems were fixed in version 2.4.9-1.1+deb7u1.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-04-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82479", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-10-29T13:34:59"}, {"id": "GENTOO_GLSA-201503-05.NASL", "type": "nessus", "title": "GLSA-201503-05 : FreeType: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201503-05 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-03-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81690", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:45:16"}, {"id": "FEDORA_2015-2237.NASL", "type": "nessus", "title": "Fedora 21 : freetype-2.5.3-15.fc21 (2015-2237)", "description": "This update fixes several security issues.\n\nNote that Tenable Network Security has extracted the preceding 
description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81415", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:33:56"}, {"id": "MANDRIVA_MDVSA-2015-055.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:055)", "description": "Updated freetype2 packages fix security vulnerabilities :\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL 
pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings 
function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81938", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", 
"CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-10-29T13:33:01"}, {"id": "UBUNTU_USN-2510-1.NASL", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : freetype vulnerabilities (USN-2510-1)", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-02-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81509", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-10-29T13:39:48"}, {"id": "F5_BIGIP_SOL16900.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : Multiple FreeType vulnerabilities (K16900)", "description": "CVE-2014-9657 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.\n\nCVE-2014-9658 The 
tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.\n\nCVE-2014-9660 The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.\n\nCVE-2014-9661 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.\n\nCVE-2014-9663 The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.\n\nCVE-2014-9664 FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.\n\nCVE-2014-9667 sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.\n\nCVE-2014-9669 Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via 
a crafted cmap SFNT table.\n\nCVE-2014-9670 Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.\n\nCVE-2014-9671 Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.\n\nCVE-2014-9673 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9674 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9675 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "published": "2016-05-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91368", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": 
"2017-10-29T13:34:54"}], "openvas": [{"id": "OPENVAS:1361412562310703188", "type": "openvas", "title": "Debian Security Advisory DSA 3188-1 (freetype - security update)", "description": "Mateusz Jurczyk discovered multiple\nvulnerabilities in Freetype. Opening malformed fonts may result in denial of\nservice or the execution of arbitrary code.", "published": "2015-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703188", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2018-04-06T11:25:09"}, {"id": "OPENVAS:1361412562310842099", "type": "openvas", "title": "Ubuntu Update for freetype USN-2510-1", "description": "Check the version of freetype", "published": "2015-02-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842099", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-12-04T11:24:30"}, {"id": "OPENVAS:1361412562310869025", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2015-2237", "description": "Check the version of freetype", "published": "2015-02-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869025", "cvelist": ["CVE-2014-9656", 
"CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-07-25T10:52:34"}, {"id": "OPENVAS:703188", "type": "openvas", "title": "Debian Security Advisory DSA 3188-1 (freetype - security update)", "description": "Mateusz Jurczyk discovered multiple\nvulnerabilities in Freetype. Opening malformed fonts may result in denial of\nservice or the execution of arbitrary code.", "published": "2015-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703188", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-07-24T12:52:34"}, {"id": "OPENVAS:1361412562310121359", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201503-05", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201503-05", "published": "2015-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121359", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2018-04-09T11:30:53"}, {"id": 
"OPENVAS:1361412562310869027", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2015-2216", "description": "Check the version of freetype", "published": "2015-02-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869027", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2017-07-25T10:52:44"}, {"id": "OPENVAS:1361412562310882130", "type": "openvas", "title": "CentOS Update for freetype CESA-2015:0696 centos6 ", "description": "Check the version of freetype", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882130", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-07-25T10:53:31"}, {"id": "OPENVAS:1361412562310871337", "type": "openvas", "title": "RedHat Update for freetype RHSA-2015:0696-01", "description": "Check the version of freetype", "published": "2015-03-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871337", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", 
"CVE-2014-9661"], "lastseen": "2017-07-27T10:52:54"}, {"id": "OPENVAS:1361412562310120367", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2015-502", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120367", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-07-24T12:52:30"}, {"id": "OPENVAS:1361412562310882138", "type": "openvas", "title": "CentOS Update for freetype CESA-2015:0696 centos7 ", "description": "Check the version of freetype", "published": "2015-04-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882138", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-07-25T10:52:48"}], "debian": [{"id": "DLA-185", "type": "debian", "title": "freetype -- LTS security update", "description": "Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. 
Opening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 2.4.2-2.1+squeeze5.\n\nFor the stable distribution (wheezy), these problems were fixed in version 2.4.9-1.1+deb7u1.", "published": "2015-04-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-185", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2016-09-02T12:56:37"}, {"id": "DSA-3188", "type": "debian", "title": "freetype -- security update", "description": "Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 2.4.9-1.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been fixed in version 2.5.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in version 2.5.2-3.\n\nWe recommend that you upgrade your freetype packages.", "published": "2015-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3188", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2017-10-05T13:00:18"}, {"id": "DSA-3461", "type": "debian", "title": "freetype -- security update", "description": 
"Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 2.4.9-1.1+deb7u3.\n\nWe recommend that you upgrade your freetype packages.", "published": "2016-01-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3461", "cvelist": ["CVE-2014-9674"], "lastseen": "2017-10-05T12:57:50"}], "gentoo": [{"id": "GLSA-201503-05", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause Denial of Service.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.5.5\"", "published": "2015-03-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201503-05", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2016-09-06T19:46:48"}, {"id": "GLSA-201408-02", "type": "gentoo", "title": "FreeType: Arbitrary code execution", "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nA stack-based buffer 
overflow exists in Freetype\u2019s cf2_hintmap_build function in cff/cf2hints.c. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted font file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.5.3-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "published": "2014-08-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201408-02", "cvelist": ["CVE-2014-2240"], "lastseen": "2016-09-06T19:47:05"}], "ubuntu": [{"id": "USN-2510-1", "type": "ubuntu", "title": "FreeType vulnerabilities", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.", "published": "2015-02-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2510-1/", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2018-03-29T18:20:52"}, {"id": "USN-2739-1", "type": "ubuntu", "title": "FreeType vulnerabilities", "description": "It was discovered that FreeType did not correctly handle certain malformed font files. 
If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory.", "published": "2015-09-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2739-1/", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9745", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-0674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "lastseen": "2018-03-29T18:17:48"}, {"id": "USN-2148-1", "type": "ubuntu", "title": "FreeType vulnerabilities", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2014-2240, CVE-2014-2241)", "published": "2014-03-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2148-1/", "cvelist": ["CVE-2014-2241", "CVE-2014-2240"], "lastseen": "2018-03-29T18:17:17"}], "amazon": [{"id": "ALAS-2015-502", "type": "amazon", "title": "Important: freetype", "description": "**Issue Overview:**\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 
([CVE-2014-9673 __](<https://access.redhat.com/security/cve/CVE-2014-9673>), [CVE-2014-9674 __](<https://access.redhat.com/security/cve/CVE-2014-9674>))\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory. ([CVE-2014-9657 __](<https://access.redhat.com/security/cve/CVE-2014-9657>), [CVE-2014-9658 __](<https://access.redhat.com/security/cve/CVE-2014-9658>), [CVE-2014-9660 __](<https://access.redhat.com/security/cve/CVE-2014-9660>), [CVE-2014-9661 __](<https://access.redhat.com/security/cve/CVE-2014-9661>), [CVE-2014-9663 __](<https://access.redhat.com/security/cve/CVE-2014-9663>), [CVE-2014-9664 __](<https://access.redhat.com/security/cve/CVE-2014-9664>), [CVE-2014-9667 __](<https://access.redhat.com/security/cve/CVE-2014-9667>), [CVE-2014-9669 __](<https://access.redhat.com/security/cve/CVE-2014-9669>), [CVE-2014-9670 __](<https://access.redhat.com/security/cve/CVE-2014-9670>), [CVE-2014-9671 __](<https://access.redhat.com/security/cve/CVE-2014-9671>), [CVE-2014-9675 __](<https://access.redhat.com/security/cve/CVE-2014-9675>))\n\n \n**Affected Packages:** \n\n\nfreetype\n\n \n**Issue Correction:** \nRun _yum update freetype_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n freetype-debuginfo-2.3.11-15.14.amzn1.i686 \n freetype-demos-2.3.11-15.14.amzn1.i686 \n freetype-2.3.11-15.14.amzn1.i686 \n freetype-devel-2.3.11-15.14.amzn1.i686 \n \n src: \n freetype-2.3.11-15.14.amzn1.src \n \n x86_64: \n freetype-debuginfo-2.3.11-15.14.amzn1.x86_64 \n freetype-demos-2.3.11-15.14.amzn1.x86_64 \n freetype-devel-2.3.11-15.14.amzn1.x86_64 \n freetype-2.3.11-15.14.amzn1.x86_64 \n \n \n", "published": "2015-04-01T13:56:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-502.html", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2016-09-28T21:03:59"}], "centos": [{"id": "CESA-2015:0696", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0696\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. 
(CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021019.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0696.html", "published": "2015-04-01T03:14:59", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021019.html", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2018-04-10T05:09:07"}], "redhat": [{"id": "RHSA-2015:0696", "type": "redhat", "title": "(RHSA-2015:0696) Important: freetype security update", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. 
If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n", "published": "2015-03-17T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0696", "cvelist": ["CVE-2014-9657", "CVE-2014-9658", "CVE-2014-9660", "CVE-2014-9661", "CVE-2014-9663", "CVE-2014-9664", "CVE-2014-9667", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9671", "CVE-2014-9673", "CVE-2014-9674", "CVE-2014-9675"], "lastseen": "2018-04-15T18:30:08"}], "oraclelinux": [{"id": "ELSA-2015-0696", "type": "oraclelinux", "title": "freetype security update", "description": "[2.3.11-15.el6_6.1]\n- Fixes CVE-2014-9657\n - Check minimum size of record_size.\n- Fixes CVE-2014-9658\n - Use correct value for minimum table length test.\n- Fixes CVE-2014-9675\n - New macro that checks one character more than strncmp.\n- Fixes CVE-2014-9660\n - Check _BDF_GLYPH_BITS.\n- Fixes CVE-2014-9661\n - Initialize face->ttf_size.\n - Always set face->ttf_size directly.\n - Exclusively use the truetype font driver for loading\n the font contained in the sfnts array.\n- Fixes CVE-2014-9663\n - Fix order of validity tests.\n- Fixes CVE-2014-9664\n - Add another boundary testing.\n - Fix boundary testing.\n- Fixes CVE-2014-9667\n - Protect against addition overflow.\n- Fixes CVE-2014-9669\n - Protect against overflow in additions and multiplications.\n- Fixes CVE-2014-9670\n - Add sanity checks for row and column 
values.\n- Fixes CVE-2014-9671\n - Check size and offset values.\n- Fixes CVE-2014-9673\n - Fix integer overflow by a broken POST table in resource-fork.\n- Fixes CVE-2014-9674\n - Fix integer overflow by a broken POST table in resource-fork.\n - Additional overflow check in the summation of POST fragment lengths.\n- Work around behaviour of X11's pcfWriteFont and pcfReadFont functions\n- Resolves: #1197737\n[2.3.11-15]\n- Fix CVE-2012-5669\n (Use correct array size for checking glyph_enc)\n- Resolves: #903543", "published": "2015-03-17T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0696.html", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2012-5669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "lastseen": "2016-09-04T11:16:42"}], "seebug": [{"id": "SSV:61739", "type": "seebug", "title": "FreeType 'src/cff/cf2ft.c' remote denial-of-service vulnerability", "description": "BUGTRAQ ID: 66292\r\nCVE ID:CVE-2014-2241\r\n\r\nFreeType is a popular font library.\r\n\r\nThe cf2_initLocalRegionBuffer and cf2_initGlobalRegionBuffer functions in FreeType 'src/cff/cf2ft.c' contain an assertion failure error that allows an attacker to build a malicious font and, by inducing an application to parse it, crash the application.\n0\nFreeType < 2.5.3\nVendor patch:\r\n\r\nFreeType\r\n-----\r\nUsers can refer to the vendor's GIT repository to obtain the patch that fixes this vulnerability:\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969", "published": 
"2014-03-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-61739", "cvelist": ["CVE-2014-2241"], "lastseen": "2017-11-19T17:31:55"}, {"id": "SSV:61740", "type": "seebug", "title": "FreeType 'src/cff/cf2hints.c' remote stack buffer overflow vulnerability", "description": "Bugtraq ID:66074\r\nCVE ID:CVE-2014-2240\r\n\r\nFreeType is a popular font library.\r\n\r\nThe cf2_hintmap_build() function in FreeType 'src/cff/cf2hints.c' has an out-of-bounds stack-based read/write vulnerability when processing 'stem hints', which allows an attacker to build a malicious font and, by inducing an application to parse it, crash the application.\n0\nFreeType < 2.5.3\nVendor patch:\r\n\r\nFreeType\r\n-----\r\nUsers can refer to the vendor's GIT repository to obtain the patch that fixes this vulnerability:\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6", "published": "2014-03-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-61740", "cvelist": ["CVE-2014-2240"], "lastseen": "2017-11-19T17:36:19"}], "freebsd": [{"id": "567BEB1E-7E0A-11E4-B9CC-BCAEC565249C", "type": "freebsd", "title": "freetype -- Out of bounds stack-based read/write", "description": "\nWerner LEMBERG reports:\n\nThe fix for CVE-2014-2240 was not 100% complete to fix the issue\n\t from the CVE completely.\n\n", "published": "2014-12-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/567beb1e-7e0a-11e4-b9cc-bcaec565249c.html", "cvelist": ["CVE-2014-2240"], 
"lastseen": "2016-09-26T17:24:22"}], "slackware": [{"id": "SSA-2015-016-01", "type": "slackware", "title": "freetype", "description": "New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/freetype-2.5.5-i486-1_slack14.1.txz: Upgraded.\n This release fixes a security bug that could cause freetype to crash\n or run programs upon opening a specially crafted file.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.5.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.5.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.5.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.5.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.5.5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.5.5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.5.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware 
x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.5.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/freetype-2.5.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/freetype-2.5.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.5.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.5.5-x86_64-1.txz\n\n\nMD5 signatures:\n\n\nInstallation instructions:\n\nUpgrade the 
package as root:\n > upgradepkg freetype-2.5.5-i486-1_slack14.1.txz", "published": "2015-01-16T22:43:52", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.508136", "cvelist": ["CVE-2014-2240"], "lastseen": "2018-02-02T18:11:33"}]}}