Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9675

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-9675
Last Modified 15 Sep 2015 10:00:03
Published 08 Feb 2015 06:59:36
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9675

Summary

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 14.04

  • Canonical Ubuntu Linux 14.10

Application

  • Freetype 2.5.3


References

CONFIRM - http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7

MISC - http://code.google.com/p/google-security-research/issues/detail?id=151

UBUNTU - USN-2510-1

DEBIAN - DSA-3188

MANDRIVA - MDVSA-2015:055

REDHAT - RHSA-2015:0696

FEDORA - FEDORA-2015-2216

FEDORA - FEDORA-2015-2237

CONFIRM - http://advisories.mageia.org/MGASA-2015-0083.html

SUSE - openSUSE-SU-2015:0627

UBUNTU - USN-2739-1


Last Updated: 27 May 2016 11:08:10