CVE-2014-9668

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
freetypefreetype
𝑥
≤ 2.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freetype
bookworm
2.12.1+dfsg-5+deb12u3
fixed
bullseye
2.10.4+dfsg-1+deb11u1
fixed
sid
2.13.3+dfsg-1
fixed
squeeze
not-affected
trixie
2.13.3+dfsg-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freetype
lucid
not-affected
precise
not-affected
trusty
Fixed 2.5.2-1ubuntu2.4
released
utopic
Fixed 2.5.2-2ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
freetype2-devel
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
ft2demos
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
libfreetype6
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
libfreetype6-32bit
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
Common Weakness Enumeration
References
http://code.google.com/p/google-security-research/issues/detail?id=164
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05
http://code.google.com/p/google-security-research/issues/detail?id=164
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05