CVE-2014-2240 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
freetype	freetype	𝑥 ≤ 2.5.2
freetype	freetype	1.3.1
freetype	freetype	2.0.0
freetype	freetype	2.0.1
freetype	freetype	2.0.2
freetype	freetype	2.0.3
freetype	freetype	2.0.4
freetype	freetype	2.0.5
freetype	freetype	2.0.6
freetype	freetype	2.0.7
freetype	freetype	2.0.8
freetype	freetype	2.0.9
freetype	freetype	2.1
freetype	freetype	2.1.3
freetype	freetype	2.1.4
freetype	freetype	2.1.5
freetype	freetype	2.1.6
freetype	freetype	2.1.7
freetype	freetype	2.1.8
freetype	freetype	2.1.8:rc1
freetype	freetype	2.1.9
freetype	freetype	2.1.10
freetype	freetype	2.2.0
freetype	freetype	2.2.1
freetype	freetype	2.3.0
freetype	freetype	2.3.1
freetype	freetype	2.3.2
freetype	freetype	2.3.3
freetype	freetype	2.3.4
freetype	freetype	2.3.5
freetype	freetype	2.3.6
freetype	freetype	2.3.7
freetype	freetype	2.3.8
freetype	freetype	2.3.9
freetype	freetype	2.3.10
freetype	freetype	2.3.11
freetype	freetype	2.3.12
freetype	freetype	2.4.0
freetype	freetype	2.4.1
freetype	freetype	2.4.2
freetype	freetype	2.4.3
freetype	freetype	2.4.4
freetype	freetype	2.4.5
freetype	freetype	2.4.6
freetype	freetype	2.4.7
freetype	freetype	2.4.8
freetype	freetype	2.4.9
freetype	freetype	2.4.10
freetype	freetype	2.4.11
freetype	freetype	2.4.12
freetype	freetype	2.5
freetype	freetype	2.5.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freetype

bullseye	2.10.4+dfsg-1+deb11u1 fixed
wheezy	not-affected
squeeze	not-affected
bookworm	2.12.1+dfsg-5+deb12u3 fixed
sid	2.13.3+dfsg-1 fixed
trixie	2.13.3+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

freetype

saucy	Fixed 2.4.12-0ubuntu1.1 released
quantal	not-affected
precise	not-affected
lucid	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://savannah.nongnu.org/bugs/?41697

http://secunia.com/advisories/57291

http://secunia.com/advisories/57447

http://sourceforge.net/projects/freetype/files/freetype2/2.5.3

http://www.freetype.org/index.html

http://www.securityfocus.com/bid/66074

http://www.securitytracker.com/id/1029895

http://www.ubuntu.com/usn/USN-2148-1

http://savannah.nongnu.org/bugs/?41697

http://secunia.com/advisories/57291

http://secunia.com/advisories/57447

http://sourceforge.net/projects/freetype/files/freetype2/2.5.3

http://www.freetype.org/index.html

http://www.securityfocus.com/bid/66074

http://www.securitytracker.com/id/1029895

http://www.ubuntu.com/usn/USN-2148-1