Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Desktop 12 package ft2demos, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (21)
CVE-2014-2240 — CVSS 7.5 (high): Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a…
CVE-2014-9656 — CVSS 7.5 (high): The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which…
CVE-2014-9657 — CVSS 7.5 (high): The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote…
CVE-2014-9658 — CVSS 7.5 (high): The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote…
CVE-2014-9659 — CVSS 7.5 (high): cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been…
CVE-2014-9660 — CVSS 7.5 (high): The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows…
CVE-2014-9661 — CVSS 7.5 (high): type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows…
CVE-2014-9662 — CVSS 7.5 (high): cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to…
CVE-2014-9663 — CVSS 7.5 (high): The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is…
CVE-2014-9665 — CVSS 7.5 (high): The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows…
CVE-2014-9668 — CVSS 7.5 (high): The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length…
CVE-2014-9674 — CVSS 7.5 (high): The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the…
CVE-2014-9667 — CVSS 6.8 (medium): sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote…
CVE-2014-9669 — CVSS 6.8 (medium): Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds…
CVE-2014-9664 — CVSS 6.8 (medium): FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a…
CVE-2014-9673 — CVSS 6.8 (medium): Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause…
CVE-2014-9666 — CVSS 6.8 (medium): The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting…
CVE-2014-9672 — CVSS 5.8 (medium): Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service…
CVE-2014-9675 — CVSS 5.0 (medium): bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote…
CVE-2014-9670 — CVSS 4.3 (medium): Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to…
CVE-2014-9671 — CVSS 4.3 (medium): Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of…