Fedoraproject

Fedora

5355 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-9661

Exploit
  • EPSS 4.01%
  • Veröffentlicht 08.02.2015 11:59:23
  • Zuletzt bearbeitet 06.05.2026 22:30:45

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a craf...

7.5

CVE-2014-9660

Exploit
  • EPSS 4.65%
  • Veröffentlicht 08.02.2015 11:59:22
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact...

7.5

CVE-2014-9659

Exploit
  • EPSS 2.85%
  • Veröffentlicht 08.02.2015 11:59:21
  • Zuletzt bearbeitet 06.05.2026 22:30:45

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer o...

7.5

CVE-2014-9658

Exploit
  • EPSS 1.69%
  • Veröffentlicht 08.02.2015 11:59:20
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a craft...

7.5

CVE-2014-9657

Exploit
  • EPSS 1.69%
  • Veröffentlicht 08.02.2015 11:59:19
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a cr...

7.5

CVE-2014-9656

Exploit
  • EPSS 2.36%
  • Veröffentlicht 08.02.2015 11:59:15
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impa...

5

CVE-2014-9636

  • EPSS 58.38%
  • Veröffentlicht 06.02.2015 15:59:06
  • Zuletzt bearbeitet 06.05.2026 22:30:45

unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.

7.5

CVE-2015-1462

  • EPSS 2.39%
  • Veröffentlicht 03.02.2015 16:59:34
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

5

CVE-2015-1463

  • EPSS 1.61%
  • Veröffentlicht 03.02.2015 16:59:34
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

7.5

CVE-2015-1461

  • EPSS 2.39%
  • Veröffentlicht 03.02.2015 16:59:33
  • Zuletzt bearbeitet 06.05.2026 22:30:45

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."