ALT Linux Team

Package libfreetype update in sisyphus on 2014-03-11

ALT-PU-2014-1274-1

Package libfreetype updated to version 2.5.3-alt1 for branch sisyphus in task 116236.

Closed vulnerabilities

Published: 2014-08-09

BDU:2015-09767

Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5)
References:
Published: 2014-03-12
Modified: 2024-11-21

CVE-2014-2240

Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.

Severity: HIGH (7.5)
References:
Published: 2014-03-18
Modified: 2024-11-21

CVE-2014-2241

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

Severity: MEDIUM (6.8)
References:
Published: 2015-09-14
Modified: 2024-11-21

CVE-2014-9745

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

Severity: MEDIUM (5.0)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top