CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
oraclesolaris
10.0
oraclesolaris
11.2
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
6.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_hpc_node_eus
7.1
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
6.6.z:z
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
opensuseopensuse
13.1
opensuseopensuse
13.2
freetypefreetype
𝑥
≤ 2.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freetype
bookworm
2.12.1+dfsg-5+deb12u3
fixed
bullseye
2.10.4+dfsg-1+deb11u1
fixed
sid
2.13.3+dfsg-1
fixed
trixie
2.13.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freetype
lucid
Fixed 2.3.11-1ubuntu2.8
released
precise
Fixed 2.4.8-1ubuntu2.2
released
trusty
Fixed 2.5.2-1ubuntu2.4
released
utopic
Fixed 2.5.2-2ubuntu1.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
freetype2-devel
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
ft2demos
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
libfreetype6
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
libfreetype6-32bit
suse enterprise desktop 15
2.9-2.13
fixed
suse enterprise desktop 15 SP1
2.9-2.13
fixed
suse enterprise desktop 15 SP2
2.10.1-4.3.1
fixed
suse enterprise desktop 15 SP3
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP4
2.10.1-4.8.1
fixed
suse enterprise desktop 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise desktop 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise desktop 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise sap 12
2.5.3-5.1
fixed
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise sap 15
2.9-2.13
fixed
suse enterprise sap 15 SP1
2.9-2.13
fixed
suse enterprise sap 15 SP2
2.10.1-4.3.1
fixed
suse enterprise sap 15 SP3
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP4
2.10.1-4.8.1
fixed
suse enterprise sap 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise sap 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise sap 15 SP7
2.10.4-150000.4.22.1
fixed
suse enterprise server 12
2.5.3-5.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 15
2.9-2.13
fixed
suse enterprise server 15 SP1
2.9-2.13
fixed
suse enterprise server 15 SP2
2.10.1-4.3.1
fixed
suse enterprise server 15 SP3
2.10.1-4.8.1
fixed
suse enterprise server 15 SP4
2.10.1-4.8.1
fixed
suse enterprise server 15 SP5
2.10.4-150000.4.12.1
fixed
suse enterprise server 15 SP6
2.10.4-150000.4.15.1
fixed
suse enterprise server 15 SP7
2.10.4-150000.4.22.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
freetype
RHEL 6
0:2.3.11-15.el6_6.1
fixed
RHEL 7
0:2.4.11-10.el7_1.1
fixed
freetype-demos
RHEL 6
0:2.3.11-15.el6_6.1
fixed
RHEL 7
0:2.4.11-10.el7_1.1
fixed
freetype-devel
RHEL 6
0:2.3.11-15.el6_6.1
fixed
RHEL 7
0:2.4.11-10.el7_1.1
fixed
References
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=153
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://rhn.redhat.com/errata/RHSA-2015-0696.html
http://www.debian.org/security/2016/dsa-3461
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=153
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://rhn.redhat.com/errata/RHSA-2015-0696.html
http://www.debian.org/security/2016/dsa-3461
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05