Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  >> 20  Security Vulnerabilities
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVSS Score
7.5
EPSS Score
0.013
Published
2015-02-08
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
CVSS Score
7.5
EPSS Score
0.018
Published
2015-02-08
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVSS Score
5.0
EPSS Score
0.593
Published
2015-02-06
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVSS Score
7.5
EPSS Score
0.012
Published
2015-02-03
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVSS Score
5.0
EPSS Score
0.015
Published
2015-02-03
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
CVSS Score
7.5
EPSS Score
0.012
Published
2015-02-03
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
CVSS Score
7.5
EPSS Score
0.042
Published
2015-02-03
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.
CVSS Score
6.5
EPSS Score
0.006
Published
2015-02-01
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.
CVSS Score
5.0
EPSS Score
0.014
Published
2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.
CVSS Score
5.0
EPSS Score
0.013
Published
2015-01-23


Contact Us

Shodan ® - All rights reserved