CVE-2014-9675
N/A
N/A
Summary
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.debian.org/security/2015/dsa-3188
- http://code.google.com/p/google-security-research/issues/detail?id=151
- https://security.gentoo.org/glsa/201503-05
- http://www.securityfocus.com/bid/72986
- http://www.ubuntu.com/usn/USN-2739-1
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
- http://advisories.mageia.org/MGASA-2015-0083.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://rhn.redhat.com/errata/RHSA-2015-0696.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
- http://www.ubuntu.com/usn/USN-2510-1
- https://source.android.com/security/bulletin/2016-11-01.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
References
- http://www.debian.org/security/2015/dsa-3188
- http://code.google.com/p/google-security-research/issues/detail?id=151
- https://security.gentoo.org/glsa/201503-05
- http://www.securityfocus.com/bid/72986
- http://www.ubuntu.com/usn/USN-2739-1
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
- http://advisories.mageia.org/MGASA-2015-0083.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://rhn.redhat.com/errata/RHSA-2015-0696.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
- http://www.ubuntu.com/usn/USN-2510-1
- https://source.android.com/security/bulletin/2016-11-01.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.