← Back to CVEs

CVE-2014-9675

N/A

Description

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

CVE Details

CVSS v3.1 ScoreN/A

Published2/8/2015

Last Modified4/12/2025

Sourcenvd

Honeypot Sightings0

Affected Products

canonical:ubuntu_linuxdebian:debian_linuxfedoraproject:fedorafreetype:freetypeopensuse:opensuseredhat:enterprise_linux_desktopredhat:enterprise_linux_hpc_noderedhat:enterprise_linux_hpc_node_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_eusredhat:enterprise_linux_workstation

Weaknesses (CWE)

CWE-264

References

http://advisories.mageia.org/MGASA-2015-0083.html(cve@mitre.org)

http://code.google.com/p/google-security-research/issues/detail?id=151(cve@mitre.org)

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html(cve@mitre.org)

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html(cve@mitre.org)

http://rhn.redhat.com/errata/RHSA-2015-0696.html(cve@mitre.org)

http://www.debian.org/security/2015/dsa-3188(cve@mitre.org)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:055(cve@mitre.org)

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html(cve@mitre.org)

http://www.securityfocus.com/bid/72986(cve@mitre.org)

http://www.ubuntu.com/usn/USN-2510-1(cve@mitre.org)

http://www.ubuntu.com/usn/USN-2739-1(cve@mitre.org)

https://security.gentoo.org/glsa/201503-05(cve@mitre.org)

https://source.android.com/security/bulletin/2016-11-01.html(cve@mitre.org)

http://advisories.mageia.org/MGASA-2015-0083.html(af854a3a-2127-422b-91ae-364da2661108)

http://code.google.com/p/google-security-research/issues/detail?id=151(af854a3a-2127-422b-91ae-364da2661108)

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2015-0696.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.debian.org/security/2015/dsa-3188(af854a3a-2127-422b-91ae-364da2661108)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:055(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/72986(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2510-1(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2739-1(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201503-05(af854a3a-2127-422b-91ae-364da2661108)

https://source.android.com/security/bulletin/2016-11-01.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.