{"id": "MANDRIVA_MDVSA-2015-089.NASL", "bulletinFamily": "scanner", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "published": "2015-03-30T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "reporter": "Tenable", "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "type": "nessus", "lastseen": "2018-09-01T23:50:55", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "edition": 1, "enchantments": {}, "hash": "fc1b7e75561bf023086a7b18f9280ed89fb8d4e8803136111ebbd76bea1713d3", "hashmap": [{"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "5db382f57aba45f3bf3985fdce45b02e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "id": "MANDRIVA_MDVSA-2015-089.NASL", "lastseen": "2016-09-26T17:25:00", "modified": "2015-03-30T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "82342", "published": "2015-03-30T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:59:00 $\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:00"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "1add5b04331ba9491c71df398b75f5d7e1809e3261a54977ba5cc299cfe534c0", "hashmap": [{"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "ddaeccb942bcbb037e7facb0ae6d2b5e", "key": "cpe"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b0f63e472d23aa51e5761e9549d21f6e", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "id": "MANDRIVA_MDVSA-2015-089.NASL", "lastseen": "2018-08-30T19:44:47", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "82342", "published": "2015-03-30T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:44:47"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "aa696e6fbb273d972328a957e4c04a8bf4a9a907bdec198eac3c61ea7e5af0cb", "hashmap": [{"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ddaeccb942bcbb037e7facb0ae6d2b5e", "key": "cpe"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "b0f63e472d23aa51e5761e9549d21f6e", "key": "sourceData"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "id": "MANDRIVA_MDVSA-2015-089.NASL", "lastseen": "2018-08-02T08:00:36", "modified": "2018-07-19T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "82342", "published": "2015-03-30T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-02T08:00:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font (CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font (CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented (CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file (CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font (CVE-2014-9675).", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "2c6a2d7cb9ed09fc4939efb0d20cb7e36cb95aecf5a091916f0990ec081d680d", "hashmap": [{"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "modified"}, {"hash": "ffe498b4cc7a4b846fc867276ce98486", "key": "href"}, {"hash": "5db382f57aba45f3bf3985fdce45b02e", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "85b8a83a30aa02cc3e2d54ff1f6abd96", "key": "published"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ddaeccb942bcbb037e7facb0ae6d2b5e", "key": "cpe"}, {"hash": "3e4880ab532e49d68806b01120fe17fd", "key": "title"}, {"hash": "4dbcaa2ec7584229b0a4ce33008fc342", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f89fdd33f1a82acbd4b81f7df7060a1a", "key": "references"}, {"hash": "3a65706285c554dae75db7c320a91c9b", "key": "cvelist"}, {"hash": "79d2600e69c36f6427ffeeabe92d824e", "key": "description"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=82342", "id": "MANDRIVA_MDVSA-2015-089.NASL", "lastseen": "2017-10-29T13:39:29", "modified": "2015-03-30T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "82342", "published": "2015-03-30T00:00:00", "references": ["http://advisories.mageia.org/MGASA-2014-0526.html", "http://advisories.mageia.org/MGASA-2014-0130.html", "http://advisories.mageia.org/MGASA-2015-0083.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/30 13:59:00 $\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:39:29"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ddaeccb942bcbb037e7facb0ae6d2b5e"}, {"key": "cvelist", "hash": "3a65706285c554dae75db7c320a91c9b"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "79d2600e69c36f6427ffeeabe92d824e"}, {"key": "href", "hash": "ffe498b4cc7a4b846fc867276ce98486"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "4dbcaa2ec7584229b0a4ce33008fc342"}, {"key": "published", "hash": "85b8a83a30aa02cc3e2d54ff1f6abd96"}, {"key": "references", "hash": "f89fdd33f1a82acbd4b81f7df7060a1a"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b0f63e472d23aa51e5761e9549d21f6e"}, {"key": "title", "hash": "3e4880ab532e49d68806b01120fe17fd"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "aa696e6fbb273d972328a957e4c04a8bf4a9a907bdec198eac3c61ea7e5af0cb", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:089. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82342);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/07/19 20:59:19\");\n\n script_cve_id(\"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"MDVSA\", value:\"2015:089\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype2 packages fix security vulnerabilities :\n\nIt was reported that Freetype before 2.5.3 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow\n(CVE-2014-2240).\n\nIt was also reported that Freetype before 2.5.3 has a\ndenial-of-service vulnerability in the CFF rasterizing code, due to a\nreachable assertion (CVE-2014-2241).\n\nIt was reported that Freetype before 2.5.4 suffers from an\nout-of-bounds stack-based read/write flaw in cf2_hintmap_build() in\nthe CFF rasterizing code, which could lead to a buffer overflow. This\nis due to an incomplete fix for CVE-2014-2240.\n\nThe tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType\nbefore 2.5.4 does not properly check for an integer overflow, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted OpenType\nfont (CVE-2014-9656).\n\nThe tt_face_load_hdmx function in truetype/ttpload.c in FreeType\nbefore 2.5.4 does not establish a minimum record size, which allows\nremote attackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9657).\n\nThe tt_face_load_kern function in sfnt/ttkern.c in FreeType before\n2.5.4enforces an incorrect minimum table length, which allows remote\nattackers to cause a denial of service (out-of-bounds read) or\npossibly have unspecified other impact via a crafted TrueType font\n(CVE-2014-9658).\n\nThe _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before\n2.5.4 does not properly handle a missing ENDCHAR record, which allows\nremote attackers to cause a denial of service (NULL pointer\ndereference) or possibly have unspecified other impact via a crafted\nBDF font (CVE-2014-9660).\n\ntype42/t42parse.c in FreeType before 2.5.4 does not consider that\nscanning can be incomplete without triggering an error, which allows\nremote attackers to cause a denial of service (use-after-free) or\npossibly have unspecified other impact via a crafted Type42 font\n(CVE-2014-9661).\n\ncff/cf2ft.c in FreeType before 2.5.4 does not validate the return\nvalues of point-allocation functions, which allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted OTF font (CVE-2014-9662).\n\nThe tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before\n2.5.4 validates a certain length field before that field's value is\ncompletely calculated, which allows remote attackers to cause a denial\nof service (out-of-bounds read) or possibly have unspecified other\nimpact via a crafted cmap SFNT table (CVE-2014-9663).\n\nFreeType before 2.5.4 does not check for the end of the data during\ncertain parsing actions, which allows remote attackers to cause a\ndenial of service (out-of-bounds read) or possibly have unspecified\nother impact via a crafted Type42 font, related to type42/t42parse.c\nand type1/t1load.c (CVE-2014-9664).\n\nThe tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before\n2.5.4 proceeds with a count-to-size association without restricting\nthe count value, which allows remote attackers to cause a denial of\nservice (integer overflow and out-of-bounds read) or possibly have\nunspecified other impact via a crafted embedded bitmap\n(CVE-2014-9666).\n\nsfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length\ncalculations without restricting the values, which allows remote\nattackers to cause a denial of service (integer overflow and\nout-of-bounds read) or possibly have unspecified other impact via a\ncrafted SFNT table (CVE-2014-9667).\n\nMultiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (out-of-bounds\nread or memory corruption) or possibly have unspecified other impact\nvia a crafted cmap SFNT table (CVE-2014-9669).\n\nMultiple integer signedness errors in the pcf_get_encodings function\nin pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to\ncause a denial of service (integer overflow, NULL pointer dereference,\nand application crash) via a crafted PCF file that specifies negative\nvalues for the first column and first row (CVE-2014-9670).\n\nOff-by-one error in the pcf_get_properties function in pcf/pcfread.c\nin FreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (NULL pointer dereference and application crash) via a crafted\nPCF file with a 0xffffffff size value that is improperly incremented\n(CVE-2014-9671).\n\nArray index error in the parse_fond function in base/ftmac.c in\nFreeType before 2.5.4 allows remote attackers to cause a denial of\nservice (out-of-bounds read) or obtain sensitive information from\nprocess memory via a crafted FOND resource in a Mac font file\n(CVE-2014-9672).\n\nInteger signedness error in the Mac_Read_POST_Resource function in\nbase/ftobjs.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (heap-based buffer overflow) or possibly\nhave unspecified other impact via a crafted Mac font (CVE-2014-9673).\n\nThe Mac_Read_POST_Resource function in base/ftobjs.c in FreeType\nbefore 2.5.4 proceeds with adding to length values without validating\nthe original values, which allows remote attackers to cause a denial\nof service (integer overflow and heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font\n(CVE-2014-9674).\n\nbdf/bdflib.c in FreeType before 2.5.4 identifies property names by\nonly verifying that an initial substring is present, which allows\nremote attackers to discover heap pointer values and bypass the ASLR\nprotection mechanism via a crafted BDF font (CVE-2014-9675).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0526.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0083.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"freetype2-demos-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.5.0.1-5.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.5.0.1-5.1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "82342", "cpe": ["cpe:/o:mandriva:business_server:2", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"]}

{"openvas": [{"lastseen": "2018-09-01T23:49:04", "references": ["2015:0696", "http://lists.centos.org/pipermail/centos-announce/2015-March/020982.html"], "pluginID": "1361412562310882130", "description": "Check the version of freetype", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-19T00:00:00", "title": "CentOS Update for freetype CESA-2015:0696 centos6 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882130", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2015:0696 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882130\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-19 05:50:07 +0100 (Thu, 19 Mar 2015)\");\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for freetype CESA-2015:0696 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of freetype\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\");\n script_tag(name: \"affected\", value: \"freetype on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0696\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-March/020982.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~15.el6_6.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~15.el6_6.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~15.el6_6.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:23:33", "references": ["http://linux.oracle.com/errata/ELSA-2015-0696.html"], "pluginID": "1361412562310123157", "description": "Oracle Linux Local Security Checks ELSA-2015-0696", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "title": "Oracle Linux Local Check: ELSA-2015-0696", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123157", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-0696.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123157\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:00:04 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-0696\");\n script_tag(name:\"insight\", value:\"ELSA-2015-0696 - freetype security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-0696\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-0696.html\");\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.4.11~10.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.4.11~10.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.4.11~10.el7_1.1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~15.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~15.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~15.el6_6.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:13:19", "references": ["2015:0696-01", "https://www.redhat.com/archives/rhsa-announce/2015-March/msg00039.html"], "pluginID": "1361412562310871337", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-03-19T00:00:00", "title": "RedHat Update for freetype RHSA-2015:0696-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871337", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for freetype RHSA-2015:0696-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871337\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-19 05:48:42 +0100 (Thu, 19 Mar 2015)\");\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for freetype RHSA-2015:0696-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\");\n script_tag(name:\"affected\", value:\"freetype on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:0696-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-March/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.4.11~10.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.4.11~10.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.4.11~10.el7_1.1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~15.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.3.11~15.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~15.el6_6.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:51:19", "references": ["2015:0696", "http://lists.centos.org/pipermail/centos-announce/2015-April/021019.html"], "pluginID": "1361412562310882138", "description": "Check the version of freetype", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-04-01T00:00:00", "title": "CentOS Update for freetype CESA-2015:0696 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310882138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882138", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for freetype CESA-2015:0696 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882138\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-04-01 07:21:10 +0200 (Wed, 01 Apr 2015)\");\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for freetype CESA-2015:0696 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of freetype\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\");\n script_tag(name: \"affected\", value: \"freetype on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:0696\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-April/021019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.4.11~10.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.4.11~10.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.4.11~10.el7_1.1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:30:35", "references": ["https://alas.aws.amazon.com/ALAS-2015-502.html"], "pluginID": "1361412562310120367", "description": "Amazon Linux Local Security Checks", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-09-08T00:00:00", "title": "Amazon Linux Local Check: ALAS-2015-502", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310120367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120367", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-502.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120367\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:24:44 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2015-502\");\n script_tag(name:\"insight\", value:\"Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673, CVE-2014-9674 )Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory. (CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675 )\");\n script_tag(name:\"solution\", value:\"Run yum update freetype to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-502.html\");\n script_cve_id(\"CVE-2014-9663\", \"CVE-2014-9657\", \"CVE-2014-9661\", \"CVE-2014-9660\", \"CVE-2014-9667\", \"CVE-2014-9664\", \"CVE-2014-9669\", \"CVE-2014-9658\", \"CVE-2014-9674\", \"CVE-2014-9675\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"freetype-debuginfo\", rpm:\"freetype-debuginfo~2.3.11~15.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype-demos\", rpm:\"freetype-demos~2.3.11~15.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.3.11~15.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"freetype-devel\", rpm:\"freetype-devel~2.3.11~15.14.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:01:50", "references": ["2510-1", "http://www.ubuntu.com/usn/usn-2510-1/"], "pluginID": "1361412562310842099", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-02-25T00:00:00", "title": "Ubuntu Update for freetype USN-2510-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842099", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842099", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for freetype USN-2510-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842099\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:43:00 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\",\n \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\",\n \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\",\n \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\",\n \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for freetype USN-2510-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mateusz Jurczyk discovered that FreeType did\nnot correctly handle certain malformed font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\");\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2510-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2510-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6:amd64\", ver:\"2.5.2-2ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6:i386\", ver:\"2.5.2-2ubuntu1.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6:i386\", ver:\"2.5.2-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6:amd64\", ver:\"2.5.2-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.8-1ubuntu2.2\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-29T12:39:28", "references": ["https://security.gentoo.org/glsa/201503-05"], "pluginID": "1361412562310121359", "description": "Gentoo Linux Local Security Checks GLSA 201503-05", "edition": 7, "reporter": "Eero Volotinen", "published": "2015-09-29T00:00:00", "title": "Gentoo Security Advisory GLSA 201503-05", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201503-05.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121359\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:38 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201503-05\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201503-05\");\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201503-05\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.5.5\"), vulnerable: make_list(\"lt 2.5.5\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:56", "references": ["2015-2237", "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"], "pluginID": "1361412562310869025", "description": "Check the version of freetype", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-02-20T00:00:00", "title": "Fedora Update for freetype FEDORA-2015-2237", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869025", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869025", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2015-2237\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869025\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-20 05:46:03 +0100 (Fri, 20 Feb 2015)\");\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9675\",\n \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\",\n \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\",\n \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\",\n \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9659\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for freetype FEDORA-2015-2237\");\n script_tag(name: \"summary\", value: \"Check the version of freetype\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The FreeType engine is a free and portable\nfont rendering engine, developed to provide advanced font support for a variety of\nplatforms and environments. FreeType is a library which can open and manages font\nfiles as well as efficiently load, hint and render individual glyphs. FreeType is\nnot a font server or a complete text-rendering library.\n\");\n script_tag(name: \"affected\", value: \"freetype on Fedora 21\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2237\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.5.3~15.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:49:42", "references": ["2015-2216", "https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"], "pluginID": "1361412562310869027", "description": "Check the version of freetype", "edition": 5, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-02-21T00:00:00", "title": "Fedora Update for freetype FEDORA-2015-2216", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-2241", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-2240", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310869027", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869027", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for freetype FEDORA-2015-2216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869027\");\n script_version(\"$Revision: 6630 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:34:32 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-21 05:39:58 +0100 (Sat, 21 Feb 2015)\");\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9675\",\n \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\",\n \"CVE-2014-9664\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9669\",\n \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\",\n \"CVE-2014-9674\", \"CVE-2014-2240\", \"CVE-2014-2241\", \"CVE-2014-9659\",\n \"CVE-2014-9665\", \"CVE-2014-9668\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for freetype FEDORA-2015-2216\");\n script_tag(name: \"summary\", value: \"Check the version of freetype\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The FreeType engine is a free and portable\nfont rendering engine, developed to provide advanced font support for a variety\nof platforms and environments. FreeType is a library which can open and manages\nfont files as well as efficiently load, hint and render individual glyphs.\nFreeType is not a font server or a complete text-rendering library.\n\");\n script_tag(name: \"affected\", value: \"freetype on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"FEDORA\", value: \"2015-2216\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype\", rpm:\"freetype~2.5.0~9.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:02", "references": ["http://www.debian.org/security/2015/dsa-3188.html"], "pluginID": "1361412562310703188", "description": "Mateusz Jurczyk discovered multiple\nvulnerabilities in Freetype. Opening malformed fonts may result in denial of\nservice or the execution of arbitrary code.", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-03-15T00:00:00", "title": "Debian Security Advisory DSA 3188-1 (freetype - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703188", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3188.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3188-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703188\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\",\n \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9666\",\n \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\",\n \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9675\");\n script_name(\"Debian Security Advisory DSA 3188-1 (freetype - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-15 00:00:00 +0100 (Sun, 15 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3188.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"freetype on Debian Linux\");\n script_tag(name: \"insight\", value: \"The FreeType 2 library is a software font engine.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 2.4.9-1.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.5.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your freetype packages.\");\n script_tag(name: \"summary\", value: \"Mateusz Jurczyk discovered multiple\nvulnerabilities in Freetype. Opening malformed fonts may result in denial of\nservice or the execution of arbitrary code.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"freetype2-demos\", ver:\"2.4.9-1.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfreetype6:amd64\", ver:\"2.4.9-1.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfreetype6:i386\", ver:\"2.4.9-1.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libfreetype6-dev\", ver:\"2.4.9-1.1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:36:22", "references": ["https://support.f5.com/csp/#/article/K16900"], "pluginID": "91368", "description": "CVE-2014-9657 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.\n\nCVE-2014-9658 The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.\n\nCVE-2014-9660 The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.\n\nCVE-2014-9661 type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.\n\nCVE-2014-9663 The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.\n\nCVE-2014-9664 FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.\n\nCVE-2014-9667 sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.\n\nCVE-2014-9669 Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.\n\nCVE-2014-9670 Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.\n\nCVE-2014-9671 Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.\n\nCVE-2014-9673 Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9674 The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9675 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "edition": 7, "reporter": "Tenable", "published": "2016-05-31T00:00:00", "title": "F5 Networks BIG-IP : Multiple FreeType vulnerabilities (K16900)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "F5 Networks Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-07-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL16900.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91368", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16900.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91368);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/10 14:27:32\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_bugtraq_id(72986);\n\n script_name(english:\"F5 Networks BIG-IP : Multiple FreeType vulnerabilities (K16900)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2014-9657 The tt_face_load_hdmx function in truetype/ttpload.c in\nFreeType before 2.5.4 does not establish a minimum record size, which\nallows remote attackers to cause a denial of service (out-of-bounds\nread) or possibly have unspecified other impact via a crafted TrueType\nfont.\n\nCVE-2014-9658 The tt_face_load_kern function in sfnt/ttkern.c in\nFreeType before 2.5.4 enforces an incorrect minimum table length,\nwhich allows remote attackers to cause a denial of service\n(out-of-bounds read) or possibly have unspecified other impact via a\ncrafted TrueType font.\n\nCVE-2014-9660 The _bdf_parse_glyphs function in bdf/bdflib.c in\nFreeType before 2.5.4 does not properly handle a missing ENDCHAR\nrecord, which allows remote attackers to cause a denial of service\n(NULL pointer dereference) or possibly have unspecified other impact\nvia a crafted BDF font.\n\nCVE-2014-9661 type42/t42parse.c in FreeType before 2.5.4 does not\nconsider that scanning can be incomplete without triggering an error,\nwhich allows remote attackers to cause a denial of service\n(use-after-free) or possibly have unspecified other impact via a\ncrafted Type42 font.\n\nCVE-2014-9663 The tt_cmap4_validate function in sfnt/ttcmap.c in\nFreeType before 2.5.4 validates a certain length field before that\nfield's value is completely calculated, which allows remote attackers\nto cause a denial of service (out-of-bounds read) or possibly have\nunspecified other impact via a crafted cmap SFNT table.\n\nCVE-2014-9664 FreeType before 2.5.4 does not check for the end of the\ndata during certain parsing actions, which allows remote attackers to\ncause a denial of service (out-of-bounds read) or possibly have\nunspecified other impact via a crafted Type42 font, related to\ntype42/t42parse.c and type1/t1load.c.\n\nCVE-2014-9667 sfnt/ttload.c in FreeType before 2.5.4 proceeds with\noffset+length calculations without restricting the values, which\nallows remote attackers to cause a denial of service (integer overflow\nand out-of-bounds read) or possibly have unspecified other impact via\na crafted SFNT table.\n\nCVE-2014-9669 Multiple integer overflows in sfnt/ttcmap.c in FreeType\nbefore 2.5.4 allow remote attackers to cause a denial of service\n(out-of-bounds read or memory corruption) or possibly have unspecified\nother impact via a crafted cmap SFNT table.\n\nCVE-2014-9670 Multiple integer signedness errors in the\npcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4\nallow remote attackers to cause a denial of service (integer overflow,\nNULL pointer dereference, and application crash) via a crafted PCF\nfile that specifies negative values for the first column and first\nrow.\n\nCVE-2014-9671 Off-by-one error in the pcf_get_properties function in\npcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to\ncause a denial of service (NULL pointer dereference and application\ncrash) via a crafted PCF file with a 0xffffffff size value that is\nimproperly incremented.\n\nCVE-2014-9673 Integer signedness error in the Mac_Read_POST_Resource\nfunction in base/ftobjs.c in FreeType before 2.5.4 allows remote\nattackers to cause a denial of service (heap-based buffer overflow) or\npossibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9674 The Mac_Read_POST_Resource function in base/ftobjs.c in\nFreeType before 2.5.4 proceeds with adding to length values without\nvalidating the original values, which allows remote attackers to cause\na denial of service (integer overflow and heap-based buffer overflow)\nor possibly have unspecified other impact via a crafted Mac font.\n\nCVE-2014-9675 bdf/bdflib.c in FreeType before 2.5.4 identifies\nproperty names by only verifying that an initial substring is present,\nwhich allows remote attackers to discover heap pointer values and\nbypass the ASLR protection mechanism via a crafted BDF font.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/#/article/K16900\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16900.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16900\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.0.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.1.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:41:03", "references": ["https://oss.oracle.com/pipermail/el-errata/2015-March/004910.html", "https://oss.oracle.com/pipermail/el-errata/2015-March/004909.html"], "pluginID": "81902", "description": "From Red Hat Security Advisory 2015:0696 :\n\nUpdated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2015-03-18T00:00:00", "title": "Oracle Linux 6 / 7 : freetype (ELSA-2015-0696)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:freetype-demos", "p-cpe:/a:oracle:linux:freetype-devel", "p-cpe:/a:oracle:linux:freetype", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-0696.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0696 and \n# Oracle Linux Security Advisory ELSA-2015-0696 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81902);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"RHSA\", value:\"2015:0696\");\n\n script_name(english:\"Oracle Linux 6 / 7 : freetype (ELSA-2015-0696)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0696 :\n\nUpdated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw,\nleading to heap-based buffer overflows, were found in the way FreeType\nhandled Mac fonts. If a specially crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661,\nCVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669,\nCVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The X server\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-March/004910.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"freetype-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freetype-demos-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"freetype-devel-2.3.11-15.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freetype-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freetype-demos-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"freetype-devel-2.4.11-10.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-demos / freetype-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:31", "references": ["https://alas.aws.amazon.com/ALAS-2015-502.html"], "pluginID": "82509", "description": "Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673 , CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory. (CVE-2014-9657 , CVE-2014-9658 , CVE-2014-9660 , CVE-2014-9661 , CVE-2014-9663 , CVE-2014-9664 , CVE-2014-9667 , CVE-2014-9669 , CVE-2014-9670 , CVE-2014-9671 , CVE-2014-9675)", "edition": 5, "reporter": "Tenable", "published": "2015-04-02T00:00:00", "title": "Amazon Linux AMI : freetype (ALAS-2015-502)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Amazon Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:freetype-devel", "p-cpe:/a:amazon:linux:freetype-demos", "p-cpe:/a:amazon:linux:freetype", "p-cpe:/a:amazon:linux:freetype-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-502.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-502.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82509);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"ALAS\", value:\"2015-502\");\n script_xref(name:\"RHSA\", value:\"2015:0696\");\n\n script_name(english:\"Amazon Linux AMI : freetype (ALAS-2015-502)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws and an integer signedness flaw,\nleading to heap-based buffer overflows, were found in the way FreeType\nhandled Mac fonts. If a specially crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2014-9673 , CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657\n, CVE-2014-9658 , CVE-2014-9660 , CVE-2014-9661 , CVE-2014-9663 ,\nCVE-2014-9664 , CVE-2014-9667 , CVE-2014-9669 , CVE-2014-9670 ,\nCVE-2014-9671 , CVE-2014-9675)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-502.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update freetype' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"freetype-2.3.11-15.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"freetype-debuginfo-2.3.11-15.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"freetype-demos-2.3.11-15.14.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"freetype-devel-2.3.11-15.14.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:37", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=916868", "https://bugzilla.opensuse.org/show_bug.cgi?id=916865", "https://bugzilla.opensuse.org/show_bug.cgi?id=916881", "https://bugzilla.opensuse.org/show_bug.cgi?id=916862", "https://bugzilla.opensuse.org/show_bug.cgi?id=916856", "https://bugzilla.opensuse.org/show_bug.cgi?id=916871", "https://bugzilla.opensuse.org/show_bug.cgi?id=916873", "https://bugzilla.opensuse.org/show_bug.cgi?id=916867", "https://bugzilla.opensuse.org/show_bug.cgi?id=916858", "https://bugzilla.opensuse.org/show_bug.cgi?id=916847", "https://bugzilla.opensuse.org/show_bug.cgi?id=916859", "https://bugzilla.opensuse.org/show_bug.cgi?id=916874", "https://bugzilla.opensuse.org/show_bug.cgi?id=916864", "https://bugzilla.opensuse.org/show_bug.cgi?id=916870", "https://bugzilla.opensuse.org/show_bug.cgi?id=916861", "https://bugzilla.opensuse.org/show_bug.cgi?id=916863", "https://bugzilla.opensuse.org/show_bug.cgi?id=916872", "https://bugzilla.opensuse.org/show_bug.cgi?id=916857", "https://bugzilla.opensuse.org/show_bug.cgi?id=916860", "https://bugzilla.opensuse.org/show_bug.cgi?id=916879"], "pluginID": "82461", "description": "freetype2 was updated to fix various vulnerabilities that could lead to crashes or potentially code execution when parsing fonts.", "edition": 4, "reporter": "Tenable", "published": "2015-03-31T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-2015-274)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-03-31T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:ft2demos-debugsource", "p-cpe:/a:novell:opensuse:ft2demos", "p-cpe:/a:novell:opensuse:freetype2-devel", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:ft2demos-debuginfo", "p-cpe:/a:novell:opensuse:libfreetype6-32bit", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-274.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-274.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82461);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/31 13:56:07 $\");\n\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-2015-274)\");\n script_summary(english:\"Check for the openSUSE-2015-274 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"freetype2 was updated to fix various vulnerabilities that could lead\nto crashes or potentially code execution when parsing fonts.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=916881\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ft2demos-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"freetype2-debugsource-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"freetype2-devel-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ft2demos-2.5.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ft2demos-debuginfo-2.5.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ft2demos-debugsource-2.5.0-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreetype6-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libfreetype6-debuginfo-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.5.0.1-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"freetype2-debugsource-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"freetype2-devel-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ft2demos-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ft2demos-debuginfo-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ft2demos-debugsource-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreetype6-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libfreetype6-debuginfo-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.5.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.5.3-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:17", "references": ["http://www.nessus.org/u?fe7177ae", "http://www.nessus.org/u?ba73e150"], "pluginID": "81924", "description": "Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-03-19T00:00:00", "title": "CentOS 6 / 7 : freetype (CESA-2015:0696)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-20T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:freetype", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:freetype-demos", "p-cpe:/a:centos:centos:freetype-devel"], "id": "CENTOS_RHSA-2015-0696.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81924", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0696 and \n# CentOS Errata and Security Advisory 2015:0696 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81924);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/03/20 15:13:05 $\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"RHSA\", value:\"2015:0696\");\n\n script_name(english:\"CentOS 6 / 7 : freetype (CESA-2015:0696)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw,\nleading to heap-based buffer overflows, were found in the way FreeType\nhandled Mac fonts. If a specially crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661,\nCVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669,\nCVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The X server\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2015-March/001854.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fe7177ae\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-March/020982.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba73e150\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, \"Temporarily disabled.\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-demos-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"freetype-devel-2.3.11-15.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"freetype-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"freetype-demos-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"freetype-devel-2.4.11-10.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:41:58", "references": ["https://access.redhat.com/security/cve/cve-2014-9667", "https://access.redhat.com/security/cve/cve-2014-9664", "https://access.redhat.com/security/cve/cve-2014-9663", "https://access.redhat.com/security/cve/cve-2014-9671", "https://access.redhat.com/errata/RHSA-2015:0696", "https://access.redhat.com/security/cve/cve-2014-9669", "https://access.redhat.com/security/cve/cve-2014-9660", "https://access.redhat.com/security/cve/cve-2014-9658", "https://access.redhat.com/security/cve/cve-2014-9673", "https://access.redhat.com/security/cve/cve-2014-9661", "https://access.redhat.com/security/cve/cve-2014-9675", "https://access.redhat.com/security/cve/cve-2014-9674", "https://access.redhat.com/security/cve/cve-2014-9657", "https://access.redhat.com/security/cve/cve-2014-9670"], "pluginID": "81907", "description": "Updated freetype packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.", "edition": 9, "reporter": "Tenable", "published": "2015-03-18T00:00:00", "title": "RHEL 7 : freetype (RHSA-2015:0696)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:freetype-demos", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:freetype", "p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:freetype-devel"], "id": "REDHAT-RHSA-2015-0696.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81907", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0696. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81907);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:54\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"RHSA\", value:\"2015:0696\");\n\n script_name(english:\"RHEL 7 : freetype (RHSA-2015:0696)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated freetype packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nFreeType is a free, high-quality, portable font engine that can open\nand manage font files. It also loads, hints, and renders individual\nglyphs efficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw,\nleading to heap-based buffer overflows, were found in the way FreeType\nhandled Mac fonts. If a specially crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661,\nCVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669,\nCVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues. The X server\nmust be restarted (log out, then log back in) for this update to take\neffect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9675\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:freetype-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0696\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"freetype-2.4.11-10.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"freetype-debuginfo-2.4.11-10.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"freetype-demos-2.4.11-10.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"freetype-demos-2.4.11-10.el7_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"freetype-devel-2.4.11-10.el7_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype / freetype-debuginfo / freetype-demos / freetype-devel\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:41", "references": ["https://security.gentoo.org/glsa/201503-05"], "pluginID": "81690", "description": "The remote host is affected by the vulnerability described in GLSA-201503-05 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker can cause Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "edition": 4, "reporter": "Tenable", "published": "2015-03-09T00:00:00", "title": "GLSA-201503-05 : FreeType: Multiple vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-04-13T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201503-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201503-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81690);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/04/13 14:33:57 $\");\n\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"GLSA\", value:\"201503-05\");\n\n script_name(english:\"GLSA-201503-05 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201503-05\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker can cause Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201503-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.5.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.5.5\"), vulnerable:make_list(\"lt 2.5.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:36:50", "references": ["http://www.nessus.org/u?36c5cf70"], "pluginID": "82262", "description": "Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nThe X server must be restarted (log out, then log back in) for this update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2015-03-26T00:00:00", "title": "Scientific Linux Security Update : freetype on SL6.x, SL7.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-26T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150318_FREETYPE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=82262", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82262);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/26 13:38:48 $\");\n\n script_cve_id(\"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9667\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n\n script_name(english:\"Scientific Linux Security Update : freetype on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws and an integer signedness flaw,\nleading to heap-based buffer overflows, were found in the way FreeType\nhandled Mac fonts. If a specially crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of\nthe user running the application. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory.\n(CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661,\nCVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669,\nCVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nThe X server must be restarted (log out, then log back in) for this\nupdate to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1503&L=scientific-linux-errata&T=0&P=1645\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36c5cf70\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"freetype-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freetype-debuginfo-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freetype-demos-2.3.11-15.el6_6.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"freetype-devel-2.3.11-15.el6_6.1\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-debuginfo-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-demos-2.4.11-10.el7_1.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"freetype-devel-2.4.11-10.el7_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:37:51", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=916864", "https://bugzilla.novell.com/show_bug.cgi?id=916871", "https://bugzilla.novell.com/show_bug.cgi?id=916858", "http://support.novell.com/security/cve/CVE-2014-9671.html", "http://support.novell.com/security/cve/CVE-2014-9657.html", "http://support.novell.com/security/cve/CVE-2014-9669.html", "http://support.novell.com/security/cve/CVE-2014-9674.html", "https://bugzilla.novell.com/show_bug.cgi?id=916874", "http://support.novell.com/security/cve/CVE-2014-9668.html", "http://support.novell.com/security/cve/CVE-2014-9660.html", "https://bugzilla.novell.com/show_bug.cgi?id=916857", "https://bugzilla.novell.com/show_bug.cgi?id=916859", "https://bugzilla.novell.com/show_bug.cgi?id=916861", "http://support.novell.com/security/cve/CVE-2014-9662.html", "http://support.novell.com/security/cve/CVE-2014-9665.html", "http://support.novell.com/security/cve/CVE-2014-9659.html", "https://bugzilla.novell.com/show_bug.cgi?id=916873", "http://support.novell.com/security/cve/CVE-2014-9673.html", "http://support.novell.com/security/cve/CVE-2014-9675.html", "https://bugzilla.novell.com/show_bug.cgi?id=916872", "http://support.novell.com/security/cve/CVE-2014-9664.html", "http://support.novell.com/security/cve/CVE-2014-9661.html", "https://bugzilla.novell.com/show_bug.cgi?id=916870", "https://bugzilla.novell.com/show_bug.cgi?id=916879", "https://bugzilla.novell.com/show_bug.cgi?id=916863", "https://bugzilla.novell.com/show_bug.cgi?id=916881", "http://support.novell.com/security/cve/CVE-2014-9672.html", "http://support.novell.com/security/cve/CVE-2014-9667.html", "https://bugzilla.novell.com/show_bug.cgi?id=916865", "http://support.novell.com/security/cve/CVE-2014-9656.html", "https://bugzilla.novell.com/show_bug.cgi?id=916856", "http://support.novell.com/security/cve/CVE-2014-9663.html", "http://support.novell.com/security/cve/CVE-2014-9658.html", "http://support.novell.com/security/cve/CVE-2014-9670.html", "http://support.novell.com/security/cve/CVE-2014-9666.html"], "pluginID": "81752", "description": "The font rendering library freetype2 has been updated to fix various security issues.", "edition": 4, "reporter": "Tenable", "published": "2015-03-11T00:00:00", "title": "SuSE 11.3 Security Update : freetype2 (SAT Patch Number 10386)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-03-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:ft2demos"], "id": "SUSE_11_FREETYPE2-201503-150302.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81752", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81752);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2015/03/11 13:51:33 $\");\n\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n\n script_name(english:\"SuSE 11.3 Security Update : freetype2 (SAT Patch Number 10386)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The font rendering library freetype2 has been updated to fix various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916873\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=916881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9656.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9657.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9658.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9659.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9660.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9661.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9662.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9663.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9664.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9665.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9666.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9667.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9668.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9669.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9670.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9671.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9672.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9673.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9674.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-9675.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 10386.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"freetype2-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"ft2demos-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"ft2demos-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"freetype2-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"ft2demos-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.34.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-12-02T15:35:21", "references": ["https://usn.ubuntu.com/2510-1/"], "pluginID": "81509", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-02-25T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : freetype vulnerabilities (USN-2510-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2018-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2510-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=81509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2510-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81509);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:39\");\n\n script_cve_id(\"CVE-2014-9656\", \"CVE-2014-9657\", \"CVE-2014-9658\", \"CVE-2014-9659\", \"CVE-2014-9660\", \"CVE-2014-9661\", \"CVE-2014-9662\", \"CVE-2014-9663\", \"CVE-2014-9664\", \"CVE-2014-9665\", \"CVE-2014-9666\", \"CVE-2014-9667\", \"CVE-2014-9668\", \"CVE-2014-9669\", \"CVE-2014-9670\", \"CVE-2014-9671\", \"CVE-2014-9672\", \"CVE-2014-9673\", \"CVE-2014-9674\", \"CVE-2014-9675\");\n script_xref(name:\"USN\", value:\"2510-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : freetype vulnerabilities (USN-2510-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2510-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libfreetype6\", pkgver:\"2.4.8-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libfreetype6\", pkgver:\"2.5.2-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libfreetype6\", pkgver:\"2.5.2-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2017-06-08T06:18:14", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned ID 531568 (BIG-IP), ID 531740 (BIG-IQ and Enterprise Manager), and ID 513595 (ARX) to these vulnerabilities, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16900 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerabilities, and for information about releases or hotfixes that address the vulnerabilities, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.0.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP DNS| 12.0.0| 12.1.0| Low1| FreeType package \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0| Low1| FreeType package \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0| Low1| FreeType package \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low1| FreeType package \nARX| 6.0.0 - 6.4.0| None| Medium| FreeType library \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low1| FreeType package \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low1| FreeType package \nBIG-IQ ADC| 4.5.0| None| Low1| FreeType package \nBIG-IQ Centralized Management| 4.6.0| None| Low1| FreeType package \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low1| FreeType package \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the **Severity **value. Security Advisory articles published before this date do not list a** Severity** value.\n\n1The FreeType package exists on the BIG-IP system but is not used in a way that exposes this vulnerability.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The **Severity** values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2015-07-10T01:14:00", "title": "Multiple FreeType vulnerabilities", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2017-04-06T18:23:00", "href": "https://support.f5.com/csp/article/K16900", "id": "F5:K16900", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:10:00", "references": ["https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html", "https://support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html", "https://support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate these vulnerabilities by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate these vulnerabilities, you should permit access to the ARX device only over a secure network.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "reporter": "f5", "published": "2015-04-09T00:00:00", "title": "SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "ARX", "version": "6.4.0", "operator": "le"}], "cvelist": ["CVE-2014-9656", "CVE-2014-9659", "CVE-2014-2240"], "modified": "2015-04-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16380.html", "id": "SOL16380", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-10T05:09:07", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0696.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-2.4.11-10.el7_1.1.src.rpm", "packageName": "freetype", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-demos", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-devel", "arch": "x86_64", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2015:0696\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021019.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0696.html", "edition": 5, "reporter": "CentOS Project", "published": "2015-04-01T03:14:59", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "title": "freetype security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-04-01T03:14:59", "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021019.html", "id": "CESA-2015:0696", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:08", "references": ["https://rhn.redhat.com/errata/RHSA-2015-0696.html"], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-15.14.amzn1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "x86_64", "packageFilename": "freetype-2.3.11-15.14.amzn1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "src", "packageFilename": "freetype-2.3.11-15.14.amzn1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "x86_64", "packageFilename": "freetype-debuginfo-2.3.11-15.14.amzn1.x86_64.rpm", "packageName": "freetype-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "i686", "packageFilename": "freetype-debuginfo-2.3.11-15.14.amzn1.i686.rpm", "packageName": "freetype-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "i686", "packageFilename": "freetype-demos-2.3.11-15.14.amzn1.i686.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "x86_64", "packageFilename": "freetype-demos-2.3.11-15.14.amzn1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "x86_64", "packageFilename": "freetype-devel-2.3.11-15.14.amzn1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.3.11-15.14.amzn1", "arch": "i686", "packageFilename": "freetype-2.3.11-15.14.amzn1.i686.rpm", "packageName": "freetype", "operator": "lt"}], "description": "**Issue Overview:**\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. ([CVE-2014-9673 __](<https://access.redhat.com/security/cve/CVE-2014-9673>), [CVE-2014-9674 __](<https://access.redhat.com/security/cve/CVE-2014-9674>))\n\nMultiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory. ([CVE-2014-9657 __](<https://access.redhat.com/security/cve/CVE-2014-9657>), [CVE-2014-9658 __](<https://access.redhat.com/security/cve/CVE-2014-9658>), [CVE-2014-9660 __](<https://access.redhat.com/security/cve/CVE-2014-9660>), [CVE-2014-9661 __](<https://access.redhat.com/security/cve/CVE-2014-9661>), [CVE-2014-9663 __](<https://access.redhat.com/security/cve/CVE-2014-9663>), [CVE-2014-9664 __](<https://access.redhat.com/security/cve/CVE-2014-9664>), [CVE-2014-9667 __](<https://access.redhat.com/security/cve/CVE-2014-9667>), [CVE-2014-9669 __](<https://access.redhat.com/security/cve/CVE-2014-9669>), [CVE-2014-9670 __](<https://access.redhat.com/security/cve/CVE-2014-9670>), [CVE-2014-9671 __](<https://access.redhat.com/security/cve/CVE-2014-9671>), [CVE-2014-9675 __](<https://access.redhat.com/security/cve/CVE-2014-9675>))\n\n \n**Affected Packages:** \n\n\nfreetype\n\n \n**Issue Correction:** \nRun _yum update freetype_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n freetype-debuginfo-2.3.11-15.14.amzn1.i686 \n freetype-demos-2.3.11-15.14.amzn1.i686 \n freetype-2.3.11-15.14.amzn1.i686 \n freetype-devel-2.3.11-15.14.amzn1.i686 \n \n src: \n freetype-2.3.11-15.14.amzn1.src \n \n x86_64: \n freetype-debuginfo-2.3.11-15.14.amzn1.x86_64 \n freetype-demos-2.3.11-15.14.amzn1.x86_64 \n freetype-devel-2.3.11-15.14.amzn1.x86_64 \n freetype-2.3.11-15.14.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2015-04-01T17:05:00", "title": "Important: freetype", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:08", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-04-01T17:05:00", "id": "ALAS-2015-502", "href": "https://alas.aws.amazon.com/ALAS-2015-502.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:42", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9659", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9675", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9663", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9672", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9666", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9670", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9671", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9665", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9664", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9661", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9673", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9668", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9667", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9657", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9662", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9669", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9658", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9674", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9656", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9660"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.3.11-1ubuntu2.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.10", "packageVersion": "2.5.2-2ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.5.2-1ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.4.8-1ubuntu2.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}], "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2015-02-24T00:00:00", "title": "FreeType vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-02-24T00:00:00", "id": "USN-2510-1", "href": "https://usn.ubuntu.com/2510-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-09T00:18:40", "references": ["https://launchpad.net/bugs/1449225", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9745"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.5.2-1ubuntu2.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.4.8-1ubuntu2.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "2.5.2-2ubuntu3.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}], "description": "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or hang, resulting in a denial of service, or possibly expose uninitialized memory.", "edition": 5, "reporter": "Ubuntu", "published": "2015-09-10T00:00:00", "title": "FreeType vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9745", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-0674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-09-10T00:00:00", "id": "USN-2739-1", "href": "https://usn.ubuntu.com/2739-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:10:13", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2014-2240", "https://people.canonical.com/~ubuntu-security/cve/CVE-2014-2241"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "13.10", "packageVersion": "2.4.12-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libfreetype6", "operator": "lt"}], "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2014-2240, CVE-2014-2241)", "edition": 3, "reporter": "Ubuntu", "published": "2014-03-17T00:00:00", "title": "FreeType vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2241", "CVE-2014-2240"], "modified": "2014-03-17T00:00:00", "id": "USN-2148-1", "href": "https://usn.ubuntu.com/2148-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T21:41:35", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "2.4.11-10.ael7b_1.1", "arch": "ppc64le", "packageName": "freetype", "packageFilename": "freetype-2.4.11-10.ael7b_1.1.ppc64le.rpm", "operator": "lt"}], "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple integer overflow flaws and an integer signedness flaw, leading to\nheap-based buffer overflows, were found in the way FreeType handled Mac\nfonts. If a specially crafted font file was loaded by an application linked\nagainst FreeType, it could cause the application to crash or, potentially,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2014-9673, CVE-2014-9674)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, disclose a portion of the application memory. (CVE-2014-9657,\nCVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,\nCVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)\n\nAll freetype users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The X server must be\nrestarted (log out, then log back in) for this update to take effect.", "reporter": "RedHat", "published": "2015-03-17T20:08:39", "type": "redhat", "title": "(RHSA-2015:0696) Important: freetype security update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9657", "CVE-2014-9658", "CVE-2014-9660", "CVE-2014-9661", "CVE-2014-9663", "CVE-2014-9664", "CVE-2014-9667", "CVE-2014-9669", "CVE-2014-9670", "CVE-2014-9671", "CVE-2014-9673", "CVE-2014-9674", "CVE-2014-9675"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-07-10T17:51:55", "id": "RHSA-2015:0696", "href": "https://access.redhat.com/errata/RHSA-2015:0696", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31771"], "description": "Multiple memory corruptions on fonts parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2015-03-08T00:00:00", "title": "Freetype multiple security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:59", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "FreeType", "version": "2.5", "operator": "eq"}], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-03-08T00:00:00", "id": "SECURITYVULNS:VULN:14296", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14296", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:57", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2510-1\r\nFebruary 24, 2015\r\n\r\nfreetype vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nFreeType could be made to crash or run programs as your login if it opened\r\na specially crafted file.\r\n\r\nSoftware Description:\r\n- freetype: FreeType 2 is a font engine library\r\n\r\nDetails:\r\n\r\nMateusz Jurczyk discovered that FreeType did not correctly handle certain\r\nmalformed font files. If a user were tricked into using a specially crafted\r\nfont file, a remote attacker could cause FreeType to crash or possibly\r\nexecute arbitrary code with user privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n libfreetype6 2.5.2-2ubuntu1.1\r\n\r\nUbuntu 14.04 LTS:\r\n libfreetype6 2.5.2-1ubuntu2.4\r\n\r\nUbuntu 12.04 LTS:\r\n libfreetype6 2.4.8-1ubuntu2.2\r\n\r\nUbuntu 10.04 LTS:\r\n libfreetype6 2.3.11-1ubuntu2.8\r\n\r\nAfter a standard system update you need to restart your session to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2510-1\r\n CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659,\r\n CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663,\r\n CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667,\r\n CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671,\r\n CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/freetype/2.5.2-2ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/freetype/2.5.2-1ubuntu2.4\r\n https://launchpad.net/ubuntu/+source/freetype/2.4.8-1ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/freetype/2.3.11-1ubuntu2.8\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2015-03-08T00:00:00", "title": "[USN-2510-1] FreeType vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:57", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-03-08T00:00:00", "id": "SECURITYVULNS:DOC:31771", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31771", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:54", "references": ["https://vulners.com/securityvulns/securityvulns:doc:30366"], "description": "Few different memory corruptions.", "edition": 1, "reporter": "UBUNTU", "published": "2014-03-18T00:00:00", "title": "FreeType memory corruption", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:54", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-2241", "CVE-2014-2240"], "modified": "2014-03-18T00:00:00", "id": "SECURITYVULNS:VULN:13610", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13610", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "references": [], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2148-1\r\nMarch 17, 2014\r\n\r\nfreetype vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n\r\nSummary:\r\n\r\nFreeType could be made to crash or run programs as your login if it opened\r\na specially crafted font file.\r\n\r\nSoftware Description:\r\n- freetype: FreeType 2 is a font engine library\r\n\r\nDetails:\r\n\r\nMateusz Jurczyk discovered that FreeType did not correctly handle certain\r\nmalformed font files. If a user were tricked into using a specially crafted\r\nfont file, a remote attacker could cause FreeType to crash or possibly\r\nexecute arbitrary code with user privileges. &#40;CVE-2014-2240, CVE-2014-2241&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libfreetype6 2.4.12-0ubuntu1.1\r\n\r\nAfter a standard system update you need to restart your session to make all\r\nthe necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2148-1\r\n CVE-2014-2240, CVE-2014-2241\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/freetype/2.4.12-0ubuntu1.1\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-03-18T00:00:00", "title": "[USN-2148-1] FreeType vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:50", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-2241", "CVE-2014-2240"], "modified": "2014-03-18T00:00:00", "id": "SECURITYVULNS:DOC:30366", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30366", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:48", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9661", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9670", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9666", "https://bugs.gentoo.org/show_bug.cgi?id=539796", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9675", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9662", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9656", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9669", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9667", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9660", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9668", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9673", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9664", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9658", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9674", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9659", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9672", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9671", "https://bugs.gentoo.org/show_bug.cgi?id=532152", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9657", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9665", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9663"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.5.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/freetype", "operator": "lt"}], "edition": 1, "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can cause Denial of Service.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.5.5\"", "reporter": "Gentoo Foundation", "published": "2015-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9668", "CVE-2014-9659", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661", "CVE-2014-9662"], "modified": "2015-03-08T00:00:00", "id": "GLSA-201503-05", "href": "https://security.gentoo.org/glsa/201503-05", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:47:05", "references": ["https://bugs.gentoo.org/show_bug.cgi?id=504088", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2240"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.5.3-r1", "packageFilename": "UNKNOWN", "packageName": "media-libs/freetype", "arch": "all", "operator": "lt"}], "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nA stack-based buffer overflow exists in Freetype\u2019s cf2_hintmap_build function in cff/cf2hints.c. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code or cause a Denial of Service condition via specially crafted font file. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.5.3-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying these packages.", "edition": 1, "reporter": "Gentoo Foundation", "published": "2014-08-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "type": "gentoo", "title": "FreeType: Arbitrary code execution", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2240"], "modified": "2014-08-09T00:00:00", "id": "GLSA-201408-02", "href": "https://security.gentoo.org/glsa/201408-02", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:14:09", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "2.4.2-2.1+squeeze5", "arch": "all", "packageFilename": "libfreetype6-udeb_2.4.2-2.1+squeeze5_all.deb", "packageName": "libfreetype6-udeb", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.4.2-2.1+squeeze5", "arch": "all", "packageFilename": "freetype_2.4.2-2.1+squeeze5_all.deb", "packageName": "freetype", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.4.2-2.1+squeeze5", "arch": "all", "packageFilename": "freetype2-demos_2.4.2-2.1+squeeze5_all.deb", "packageName": "freetype2-demos", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.4.2-2.1+squeeze5", "arch": "all", "packageFilename": "libfreetype6_2.4.2-2.1+squeeze5_all.deb", "packageName": "libfreetype6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "2.4.2-2.1+squeeze5", "arch": "all", "packageFilename": "libfreetype6-dev_2.4.2-2.1+squeeze5_all.deb", "packageName": "libfreetype6-dev", "operator": "lt"}], "description": "Package : freetype\nVersion : 2.4.2-2.1+squeeze5\nCVE ID : CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 \n CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9665\n CVE-2014-9666 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670\n CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674\n CVE-2014-9675\nDebian Bug : 777656\n\nMateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening\nmalformed fonts may result in denial of service or the execution of\narbitrary code.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 2.4.2-2.1+squeeze5.\n\nFor the stable distribution (wheezy), these problems were fixed in\nversion 2.4.9-1.1+deb7u1.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\n", "edition": 1, "reporter": "Debian", "published": "2015-03-31T23:30:56", "title": "[SECURITY] [DLA 185-1] freetype security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:09", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9665", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-31T23:30:56", "id": "DEBIAN:DLA-185-1:EB551", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00022.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "2.4.9-1.1+deb7u1", "arch": "all", "packageFilename": "freetype_2.4.9-1.1+deb7u1_all.deb", "packageName": "freetype", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3188-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 15, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freetype\nCVE ID : CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 \n CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9666\n CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671\n CVE-2014-9672 CVE-2014-9673 CVE-2014-9675\n\nMateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening\nmalformed fonts may result in denial of service or the execution of\narbitrary code.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.9-1.1+deb7u1.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.5.2-3.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your freetype packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-03-15T19:49:22", "title": "[SECURITY] [DSA 3188-1] freetype security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:52", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9656", "CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9666", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9669", "CVE-2014-9672", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-15T19:49:22", "id": "DEBIAN:DSA-3188-1:32E7A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00073.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-18T13:49:52", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "2.4.9-1.1+deb7u3", "arch": "all", "packageFilename": "freetype_2.4.9-1.1+deb7u3_all.deb", "packageName": "freetype", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3461-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nJanuary 30, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : freetype\nCVE ID : CVE-2014-9674\nDebian Bug : 777656\n\nMateusz Jurczyk discovered multiple vulnerabilities in\nFreetype. Opening malformed fonts may result in denial of service or\nthe execution of arbitrary code.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 2.4.9-1.1+deb7u3.\n\nWe recommend that you upgrade your freetype packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2016-01-31T08:11:39", "title": "[SECURITY] [DSA 3461-1] freetype security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:52", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9674"], "modified": "2016-01-31T08:11:39", "id": "DEBIAN:DSA-3461-1:EBA43", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00032.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:12", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "src", "packageFilename": "freetype-2.3.11-15.el6_6.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "src", "packageFilename": "freetype-2.3.11-15.el6_6.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "src", "packageFilename": "freetype-2.4.11-10.el7_1.1.src.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "i686", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-demos-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "x86_64", "packageFilename": "freetype-2.3.11-15.el6_6.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.3.11-15.el6_6.1", "arch": "i686", "packageFilename": "freetype-demos-2.3.11-15.el6_6.1.i686.rpm", "packageName": "freetype-demos", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "x86_64", "packageFilename": "freetype-devel-2.4.11-10.el7_1.1.x86_64.rpm", "packageName": "freetype-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.4.11-10.el7_1.1", "arch": "i686", "packageFilename": "freetype-2.4.11-10.el7_1.1.i686.rpm", "packageName": "freetype", "operator": "lt"}], "description": "[2.3.11-15.el6_6.1]\n- Fixes CVE-2014-9657\n - Check minimum size of record_size.\n- Fixes CVE-2014-9658\n - Use correct value for minimum table length test.\n- Fixes CVE-2014-9675\n - New macro that checks one character more than strncmp.\n- Fixes CVE-2014-9660\n - Check _BDF_GLYPH_BITS.\n- Fixes CVE-2014-9661\n - Initialize face->ttf_size.\n - Always set face->ttf_size directly.\n - Exclusively use the truetype font driver for loading\n the font contained in the sfnts array.\n- Fixes CVE-2014-9663\n - Fix order of validity tests.\n- Fixes CVE-2014-9664\n - Add another boundary testing.\n - Fix boundary testing.\n- Fixes CVE-2014-9667\n - Protect against addition overflow.\n- Fixes CVE-2014-9669\n - Protect against overflow in additions and multiplications.\n- Fixes CVE-2014-9670\n - Add sanity checks for row and column values.\n- Fixes CVE-2014-9671\n - Check size and offset values.\n- Fixes CVE-2014-9673\n - Fix integer overflow by a broken POST table in resource-fork.\n- Fixes CVE-2014-9674\n - Fix integer overflow by a broken POST table in resource-fork.\n - Additional overflow check in the summation of POST fragment lengths.\n- Work around behaviour of X11s pcfWriteFont and pcfReadFont functions\n- Resolves: #1197737\n[2.3.11-15]\n- Fix CVE-2012-5669\n (Use correct array size for checking glyph_enc)\n- Resolves: #903543", "edition": 3, "reporter": "Oracle", "published": "2015-03-17T00:00:00", "title": "freetype security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9657", "CVE-2014-9675", "CVE-2014-9664", "CVE-2014-9660", "CVE-2014-9671", "CVE-2014-9658", "CVE-2014-9674", "CVE-2014-9669", "CVE-2012-5669", "CVE-2014-9673", "CVE-2014-9670", "CVE-2014-9667", "CVE-2014-9663", "CVE-2014-9661"], "modified": "2015-03-17T00:00:00", "id": "ELSA-2015-0696", "href": "http://linux.oracle.com/errata/ELSA-2015-0696.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cve": [{"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://code.google.com/p/google-security-research/issues/detail?id=167", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:28", "title": "CVE-2014-9666", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9666"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9666", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9666", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://code.google.com/p/google-security-research/issues/detail?id=158", "http://www.debian.org/security/2015/dsa-3188", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:31", "title": "CVE-2014-9670", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9670"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9670", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9670", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://code.google.com/p/google-security-research/issues/detail?id=194", "http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c", "http://www.debian.org/security/2015/dsa-3188", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:20", "title": "CVE-2014-9658", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9658"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9658", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9658", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://code.google.com/p/google-security-research/issues/detail?id=184", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:25", "title": "CVE-2014-9663", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9663"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9663", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9663", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2", "http://www.securityfocus.com/bid/72986", "http://code.google.com/p/google-security-research/issues/detail?id=185", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1"], "description": "cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:24", "title": "CVE-2014-9662", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9662"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-9662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9662", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3", "http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://code.google.com/p/google-security-research/issues/detail?id=153", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "http://www.debian.org/security/2016/dsa-3461", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e"], "description": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:35", "title": "CVE-2014-9674", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9674"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9674", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9674", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://code.google.com/p/google-security-research/issues/detail?id=155", "http://www.ubuntu.com/usn/USN-2739-1", "http://packetstormsecurity.com/files/134395/FreeType-2.5.3-Mac-FOND-Resource-Parsing-Out-Of-Bounds-Read-From-Stack.html", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c"], "description": "Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:33", "title": "CVE-2014-9672", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9672"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-9672", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9672", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://code.google.com/p/google-security-research/issues/detail?id=187", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html"], "description": "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:23", "title": "CVE-2014-9661", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9661"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9661", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9661", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://code.google.com/p/google-security-research/issues/detail?id=188", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:22", "title": "CVE-2014-9660", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9660"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:oracle:solaris:10.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:oracle:solaris:11.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:7.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_hpc_node:6", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.1", "cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.1", "cpe:/o:redhat:enterprise_linux_server_eus:6.6.z"], "id": "CVE-2014-9660", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9660", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-01T05:14:38", "references": ["http://www.ubuntu.com/usn/USN-2510-1", "https://security.gentoo.org/glsa/201503-05", "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "http://code.google.com/p/google-security-research/issues/detail?id=196", "http://advisories.mageia.org/MGASA-2015-0083.html", "http://www.securityfocus.com/bid/72986", "http://www.debian.org/security/2015/dsa-3188", "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "http://www.ubuntu.com/usn/USN-2739-1", "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"], "description": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "edition": 4, "reporter": "NVD", "published": "2015-02-08T06:59:15", "title": "CVE-2014-9656", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-9656"], "scanner": [], "modified": "2018-10-30T12:27:35", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/o:fedoraproject:fedora:21", "cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~", "cpe:/o:opensuse:opensuse:13.2", "cpe:/a:freetype:freetype:2.5.3", "cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:fedoraproject:fedora:20", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2014-9656", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9656", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T17:31:55", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 66292\r\nCVE ID:CVE-2014-2241\r\n\r\nFreeType\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5b57\u4f53\u51fd\u6570\u5e93\u3002\r\n\r\nFreeType 'src/cff/cf2ft.c'\u4e2d\u7684cf2_initLocalRegionBuffer,\r\ncf2_initGlobalRegionBuffer\u51fd\u6570\u5b58\u5728\u4e00\u4e2a\u65ad\u8a00\u5931\u8d25\u9519\u8bef\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610f\u5b57\u4f53\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\n0\nFreeType &lt; 2.5.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFreeType\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5382\u5546\u7684GIT\u5e93\u4ee5\u83b7\u5f97\u8865\u4e01\u4fee\u590d\u6b64\u6f0f\u6d1e\uff1a\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969", "reporter": "Root", "published": "2014-03-11T00:00:00", "title": "FreeType 'src/cff/cf2ft.c'\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2241"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-03-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61739", "id": "SSV:61739", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "", "status": "details"}, {"lastseen": "2017-11-19T17:36:19", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "Bugtraq ID:66074\r\nCVE ID:CVE-2014-2240\r\n\r\nFreeType\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5b57\u4f53\u51fd\u6570\u5e93\u3002\r\n\r\nFreeType 'src/cff/cf2hints.c' cf2_hintmap_build()\u51fd\u6570\u5904\u7406'stem hints'\u5b58\u5728\u4e00\u4e2a\u8d8a\u754c\u57fa\u4e8e\u6808\u7684\u8bfb/\u5199\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u6784\u5efa\u6076\u610f\u5b57\u4f53\uff0c\u8bf1\u4f7f\u5e94\u7528\u89e3\u6790\uff0c\u53ef\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\n0\nFreeType &lt; 2.5.3\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nFreeType\r\n-----\r\n\u7528\u6237\u53ef\u53c2\u8003\u5382\u5546\u7684GIT\u5e93\u4ee5\u83b7\u5f97\u8865\u4e01\u4fee\u590d\u6b64\u6f0f\u6d1e\uff1a\r\nhttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6", "reporter": "Root", "published": "2014-03-11T00:00:00", "type": "seebug", "title": "FreeType 'src/cff/cf2hints.c'\u8fdc\u7a0b\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2240"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2014-03-11T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61740", "id": "SSV:61740", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "status": "details"}], "freebsd": [{"lastseen": "2018-08-31T01:14:46", "references": ["http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.5.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "freetype2", "operator": "lt"}], "description": "\nWerner LEMBERG reports:\n\nThe fix for CVE-2014-2240 was not 100% complete to fix the issue\n\t from the CVE completly.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2014-12-07T00:00:00", "title": "freetype -- Out of bounds stack-based read/write", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2240"], "modified": "2014-12-07T00:00:00", "id": "567BEB1E-7E0A-11E4-B9CC-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/567beb1e-7e0a-11e4-b9cc-bcaec565249c.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:43", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.5.5", "arch": "x86_64", "packageFilename": "freetype-2.5.5-x86_64-1_slack14.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.5.5", "arch": "i486", "packageFilename": "freetype-2.5.5-i486-1_slack14.1.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.5.5", "arch": "x86_64", "packageFilename": "freetype-2.5.5-x86_64-1_slack13.37.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.5.5", "arch": "i486", "packageFilename": "freetype-2.5.5-i486-1_slack13.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "packageVersion": "2.5.5", "arch": "i486", "packageFilename": "freetype-2.5.5-i486-1_slack13.37.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.5.5", "arch": "i486", "packageFilename": "freetype-2.5.5-i486-1_slack14.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.5.5", "arch": "x86_64", "packageFilename": "freetype-2.5.5-x86_64-1_slack14.1.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.5.5", "arch": "i486", "packageFilename": "freetype-2.5.5-i486-1_slack13.1.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.0", "packageVersion": "2.5.5", "arch": "x86_64", "packageFilename": "freetype-2.5.5-x86_64-1_slack13.0.txz", "packageName": "freetype", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "packageVersion": "2.5.5", "arch": "x86_64", "packageFilename": "freetype-2.5.5-x86_64-1_slack13.1.txz", "packageName": "freetype", "operator": "lt"}], "description": "New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/freetype-2.5.5-i486-1_slack14.1.txz: Upgraded.\n This release fixes a security bug that could cause freetype to crash\n or run programs upon opening a specially crafted file.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2240\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/freetype-2.5.5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/freetype-2.5.5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/freetype-2.5.5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/freetype-2.5.5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/freetype-2.5.5-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/freetype-2.5.5-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/freetype-2.5.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/freetype-2.5.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/freetype-2.5.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/freetype-2.5.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/freetype-2.5.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/freetype-2.5.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n5603c6a53d1fbee8e8f01879f1fcbbb2 freetype-2.5.5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nfcb14986e9f52b44a07c16533e668a5c freetype-2.5.5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nc0f054d3ad06c6f5802e0d1cd4f02d6c freetype-2.5.5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nbf19003d860e2f474722a3da0c0978d8 freetype-2.5.5-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n35e11b41d3001dc788f8d7ed29912fec freetype-2.5.5-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\nf516408bf21bae72bd81a06624589ac5 freetype-2.5.5-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\na2c4fa29040f789e6e0ba3d0a91587ae freetype-2.5.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\naccf23f2ccbe1d312ea718fc6545e984 freetype-2.5.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne3288d46df60ab3e357578edcf662f7e freetype-2.5.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf48f40e74dfa41312694823a6ad01676 freetype-2.5.5-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nc62847fd2ed8df065fb171efd7a05389 l/freetype-2.5.5-i486-1.txz\n\nSlackware x86_64 -current package:\nfb2f05f049de82f4133e9c7f19efa10e l/freetype-2.5.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg freetype-2.5.5-i486-1_slack14.1.txz", "edition": 3, "reporter": "Slackware Linux Project", "published": "2015-01-16T22:43:52", "title": "freetype", "type": "slackware", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-2240"], "modified": "2015-01-16T22:43:52", "id": "SSA-2015-016-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.508136", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}