Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2020 Greenbone AGOPENVAS:1361412562311220192514
HistoryJan 23, 2020 - 12:00 a.m.

Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2019-2514)

2020-01-2300:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
8

7.8 High

AI Score

Confidence

High

0.066 Low

EPSS

Percentile

93.8%

JSON

The remote host is missing an update for the Huawei EulerOS

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2019.2514");
  script_cve_id("CVE-2014-9745", "CVE-2014-9747", "CVE-2015-9381", "CVE-2015-9382", "CVE-2015-9383");
  script_tag(name:"creation_date", value:"2020-01-23 13:03:01 +0000 (Thu, 23 Jan 2020)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-09-04 18:54:45 +0000 (Wed, 04 Sep 2019)");

  script_name("Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2019-2514)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP2");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2019-2514");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2019-2514");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'freetype' package(s) announced via the EulerOS-SA-2019-2514 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a 'broken number-with-base' in a Postscript stream, as demonstrated by 8#garbage.(CVE-2014-9745)

The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font.(CVE-2014-9747)

FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.(CVE-2015-9382)

FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.(CVE-2015-9383)

FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.(CVE-2015-9381)");

  script_tag(name:"affected", value:"'freetype' package(s) on Huawei EulerOS V2.0SP2.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP2") {

  if(!isnull(res = isrpmvuln(pkg:"freetype", rpm:"freetype~2.4.11~10_1.1.h8", rls:"EULEROS-2.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"freetype-devel", rpm:"freetype-devel~2.4.11~10_1.1.h8", rls:"EULEROS-2.0SP2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 21
openvas 13
ubuntu 3
osv 1
debian 3
ibm 3
centos 2
oraclelinux 1
amazon 1
redhat 2
securityvulns 2
f5 6
debiancve 5
prion 5
ubuntucve 5
cve 5
cvelist 5
veracode 3
redhatcve 3
cloudfoundry 1
nessus
nessus
EulerOS 2.0 SP3 : freetype (EulerOS-SA-2019-2581)
2019-12-19 00:00:00
EulerOS 2.0 SP2 : freetype (EulerOS-SA-2019-2514)
2019-12-04 00:00:00
EulerOS Virtualization 3.0.2.2 : freetype (EulerOS-SA-2020-1491)
2020-04-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2019-2581)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2020-1491)
2020-04-16 00:00:00
Huawei EulerOS: Security Advisory for freetype (EulerOS-SA-2019-2148)
2020-01-23 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2019-09-09 00:00:00
FreeType vulnerabilities
2015-09-10 00:00:00
FreeType vulnerability
2019-09-09 00:00:00
osv
osv
freetype - security update
2019-09-04 00:00:00
debian
debian
[SECURITY] [DLA 1909-1] freetype security update
2019-09-04 12:59:53
[SECURITY] [DLA 319-1] freetype security update
2015-09-30 07:07:15
[SECURITY] [DSA 3370-1] freetype security update
2015-10-06 21:52:53
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities (CVE-2015-9381, CVE-2015-9382)
2021-01-12 20:24:37
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple freetype2 vulnerabilities
2018-06-18 01:32:58
Security Bulletin: Vulnerabilities in krb5, giflib and freetype2 affect IBM BladeCenter Advanced Management Module (AMM) and IBM Flex System Chassis Management Module (CMM)
2023-04-14 14:32:25
centos
centos
freetype security update
2019-12-24 15:23:15
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
oraclelinux
oraclelinux
freetype security update
2019-12-18 00:00:00
amazon
amazon
Medium: freetype
2020-03-09 19:20:00
redhat
redhat
(RHSA-2019:4254) Moderate: freetype security update
2019-12-17 10:21:04
(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update
2018-10-30 04:22:45
securityvulns
securityvulns
[SECURITY] [DSA 3370-1] freetype security update
2015-10-11 00:00:00
FreeType DoS
2015-10-11 00:00:00
f5
f5
K72372334 : FreeType vulnerability CVE-2014-9745
2016-09-28 00:00:00
SOL72372334 - FreeType vulnerability CVE-2014-9745
2016-09-28 00:00:00
K46641512 : FreeType vulnerability CVE-2015-9382
2020-09-22 00:00:00
debiancve
debiancve
CVE-2014-9745
2015-09-14 20:59:00
CVE-2015-9382
2019-09-03 05:15:00
CVE-2014-9747
2016-06-07 14:06:00
prion
prion
Code injection
2016-06-07 14:06:00
Code injection
2015-09-14 20:59:00
Design/Logic Flaw
2019-09-03 05:15:00
ubuntucve
ubuntucve
CVE-2014-9747
2016-06-07 00:00:00
CVE-2014-9745
2015-09-14 00:00:00
CVE-2015-9382
2019-09-03 00:00:00
cve
cve
CVE-2014-9747
2016-06-07 14:06:00
CVE-2014-9745
2015-09-14 20:59:00
CVE-2015-9382
2019-09-03 05:15:00
cvelist
cvelist
CVE-2014-9745
2015-09-14 20:00:00
CVE-2014-9747
2016-06-07 14:00:00
CVE-2015-9382
2019-09-03 04:52:17
veracode
veracode
Buffer Over-read
2019-12-11 00:14:18
Denial Of Service (DoS)
2021-07-06 07:45:37
Arbitrary Code Execution
2019-12-11 00:14:16
redhatcve
redhatcve
CVE-2015-9382
2019-10-21 08:25:20
CVE-2015-9381
2019-09-17 08:51:34
CVE-2015-9383
2020-04-02 13:54:55
cloudfoundry
cloudfoundry
USN-4126-1: FreeType vulnerability | Cloud Foundry
2019-09-30 00:00:00

7.8 High

AI Score

Confidence

High

0.066 Low

EPSS

Percentile

93.8%

JSON
Related for OPENVAS:1361412562311220192514
nessus21openvas13ubuntu3osv1debian3ibm3centos2oraclelinux1amazon1redhat2securityvulns2f56debiancve5prion5ubuntucve5cve5cvelist5veracode3redhatcve3cloudfoundry1