13 matches found
MiracleLinux 4 : freetype-2.3.11-14.AXS4.1 (AXSA:2013-89:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-89:01 advisory. The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments...
K15095307: BDF parsing vulnerability CVE-2012-5669
Security Advisory Description The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read...
F5 Networks BIG-IP : BDF parsing vulnerability (K15095307)
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. CVE-2012-5669 C Tenable Network...
SOL15095307 - BDF parsing vulnerability CVE-2012-5669
Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
libXfont multiple security vulnerabilities
Memory corruptions on bdf parsing...
freetype: missing ENDCHAR NULL pointer dereference in the _bdf_parse_glyphs()
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font...
libXfont -- BDF parsing issues
Alan Coopersmith reports: Ilja van Sprundel, a security researcher with IOActive, has discovered an issue in the parsing of BDF font files by libXfont. Additional testing by Alan Coopersmith and William Robinet with the American Fuzzy Lop (afl) tool uncovered two more issues in the parsing of BDF...
RHEL 5 / 6 : freetype (RHSA-2013:0216)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0216 advisory. - freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906) (CVE-2012-5669) Note that Nessus has not tested for this issue but has instea...
freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#37906)
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read...
RHEL 5 / 6 : freetype (RHSA-2012:0467)
The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0467 advisory. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual...
freetype: heap buffer over-read in BDF parsing _bdf_is_atom() (#35597, #35598)
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font...
freetype: heap buffer off-by-one in BDF parsing _bdf_list_ensure() (#35643)
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font...
freetype: heap buffer over-read in BDF parsing _bdf_parse_glyphs() (#35599, #35600)
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font...