First published: Sun Feb 08 2015(Updated: )
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Debian Linux | =7.0 | |
openSUSE openSUSE | =13.1 | |
openSUSE openSUSE | =13.2 | |
Fedoraproject Fedora | =20 | |
Fedoraproject Fedora | =21 | |
Oracle Solaris | =10.0 | |
Oracle Solaris | =11.2 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Hpc Node | =6 | |
Redhat Enterprise Linux Hpc Node | =7.0 | |
Redhat Enterprise Linux Hpc Node Eus | =7.1 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Eus | =6.6.z | |
Redhat Enterprise Linux Server Eus | =7.1 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Canonical Ubuntu Linux | =15.04 | |
Freetype Freetype | <=2.5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.