Total vulnerabilities in the database
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
| Software | From | Fixed in |
|---|---|---|
| freetype / freetype | - | 2.5.3.x |
| debian / debian_linux | 7.0 | 7.0.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |
| fedoraproject / fedora | 20 | 20.x |
| fedoraproject / fedora | 21 | 21.x |
| oracle / solaris | 10.0 | 10.0.x |
| oracle / solaris | 11.2 | 11.2.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 14.10 | 14.10.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| canonical / ubuntu_linux | 10.04 | 10.04.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 6.6.z | 6.6.z.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_hpc_node | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_hpc_node_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_hpc_node | 6 | 6.x |