CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
freetypefreetype
𝑥
≤ 2.5.3
debiandebian_linux
7.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
6.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_hpc_node_eus
7.1
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_eus
6.6.z:z
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freetype
bullseye
2.10.4+dfsg-1+deb11u1
fixed
bookworm
2.12.1+dfsg-5+deb12u3
fixed
sid
2.13.3+dfsg-1
fixed
trixie
2.13.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freetype
utopic
Fixed 2.5.2-2ubuntu1.1
released
trusty
Fixed 2.5.2-1ubuntu2.4
released
precise
Fixed 2.4.8-1ubuntu2.2
released
lucid
Fixed 2.3.11-1ubuntu2.8
released
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=151
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://rhn.redhat.com/errata/RHSA-2015-0696.html
http://www.debian.org/security/2015/dsa-3188
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05
https://source.android.com/security/bulletin/2016-11-01.html
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=151
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://rhn.redhat.com/errata/RHSA-2015-0696.html
http://www.debian.org/security/2015/dsa-3188
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05
https://source.android.com/security/bulletin/2016-11-01.html