Kcc

**Name of the Vulnerable Software and Affected Versions** HarfBuzz versions prior to 1.0.5 **Description** The issue allows remote attackers to cause a denial of service or possibly have other impact via crafted data. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 48.0.2564.82 Opera (affected versions not specified) **Description** The issue is related to multiple unspecified vulnerabilities in the code. These vulnerabilities can be exploited by a remote attacker to cause a denial of service or possibly have other impact via unknown vectors. **Recommendations** For Google Chrome versions prior to 48.0.2564.82, update to version 48.0.2564.82 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HarfBuzz versions prior to 1.0.6 Google Chrome versions prior to 48.0.2564.82 **Description** The issue is related to multiple unspecified vulnerabilities in the HarfBuzz library and Google Chrome browser, caused by errors in the code. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service or possibly have other impact via crafted data. A specific example of the issue is a buffer over-read resulting from an inverted length check in `hb-ot-font.cc`. **Recommendations** For HarfBuzz versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. For Google Chrome versions prior to 48.0.2564.82, update to version 48.0.2564.82 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** A buffer over-read issue occurs in the `T1 Get Private Dict` function within `type1/t1parse.c` due to a lack of checks on the new values of `cur` and `limit` before proceeding. This issue affects FreeType versions prior to 2.6.1. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `T1 Get Private Dict` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** The issue is related to a heap-based buffer over-read in the `T1 Get Private Dict` function located in `type1/t1parse.c`. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** The issue is related to a buffer over-read in the skip comment function in psaux/psobjs.c. This occurs because ps parser skip PS token is mishandled during an FT New Memory Face operation. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.