Oracle: >> Solaris >> 11.2 Security Vulnerabilities
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVSS Score
7.5
EPSS Score
0.019
Published
2015-02-08
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
CVSS Score
7.5
EPSS Score
0.036
Published
2015-02-08
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
CVSS Score
7.5
EPSS Score
0.028
Published
2015-02-08
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVSS Score
7.5
EPSS Score
0.013
Published
2015-02-08
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVSS Score
7.5
EPSS Score
0.013
Published
2015-02-08
jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.
CVSS Score
5.0
EPSS Score
0.01
Published
2015-02-03
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVSS Score
4.3
EPSS Score
0.009
Published
2015-01-21
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVSS Score
5.8
EPSS Score
0.021
Published
2015-01-21
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
CVSS Score
8.8
EPSS Score
0.008
Published
2015-01-18
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CVSS Score
5.0
EPSS Score
0.011
Published
2015-01-16