Vulnerabilities (CVE)

Filtered by CWE-119
Total 13611 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9664 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2026-06-17 6.8 MEDIUM N/A
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
CVE-2014-9663 7 Canonical, Debian, Fedoraproject and 4 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2026-06-17 7.5 HIGH N/A
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVE-2014-9662 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2026-06-17 7.5 HIGH N/A
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.
CVE-2014-9659 5 Canonical, Fedoraproject, Freetype and 2 more 5 Ubuntu Linux, Fedora, Freetype and 2 more 2026-06-17 7.5 HIGH N/A
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
CVE-2014-9656 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2026-06-17 7.5 HIGH N/A
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.
CVE-2014-9655 2 Debian, Remotesensing 2 Debian Linux, Libtiff 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
CVE-2014-9654 2 Google, Icu-project 2 Chrome, International Components For Unicode 2026-06-17 7.5 HIGH 9.8 CRITICAL
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923.
CVE-2014-9652 2 File Project, Php 2 File, Php 2026-06-17 5.0 MEDIUM N/A
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.
CVE-2014-9651 1 Call-cc 1 Chicken 2026-06-17 7.5 HIGH N/A
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."
CVE-2014-9640 2 Opensuse, Xiph 2 Opensuse, Vorbis-tools 2026-06-17 5.0 MEDIUM N/A
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
CVE-2014-9636 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2026-06-17 5.0 MEDIUM N/A
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVE-2014-9630 1 Videolan 1 Vlc Media Player 2026-06-17 6.8 MEDIUM 7.8 HIGH
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value.
CVE-2014-9595 1 Sap 1 Sap Kernel 2026-06-17 6.5 MEDIUM N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
CVE-2014-9594 1 Sap 1 Sap Kernel 2026-06-17 6.5 MEDIUM N/A
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, aka SAP Note 2059734.
CVE-2014-9497 1 Mpg123 1 Mpg123 2026-06-17 5.0 MEDIUM 7.5 HIGH
Buffer overflow in mpg123 before 1.18.0.
CVE-2014-9495 2 Apple, Libpng 2 Mac Os X, Libpng 2026-06-17 10.0 HIGH 8.8 HIGH
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
CVE-2014-9488 2 Gnu, Opensuse 2 Less, Opensuse 2026-06-17 10.0 HIGH N/A
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVE-2014-9474 1 Mpfr 1 Gnu Mpfr 2026-06-17 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.
CVE-2014-9458 1 Hex-rays 1 Ida 2026-06-17 10.0 HIGH N/A
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
CVE-2014-9456 1 Don Ho 1 Notepad\+\+ 2026-06-17 10.0 HIGH N/A
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.