7.5

CVE-2014-9660

Exploit
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
DebianDebian Linux Version7.0
OracleSolaris Version10.0
OracleSolaris Version11.2
FedoraprojectFedora Version20
FedoraprojectFedora Version21
FreetypeFreetype Version <= 2.5.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.06% 0.912
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2739-1
Third Party Advisory
http://advisories.mageia.org/MGASA-2015-0083.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3188
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
Broken Link
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
Third Party Advisory
https://security.gentoo.org/glsa/201503-05
http://rhn.redhat.com/errata/RHSA-2015-0696.html
Third Party Advisory
http://code.google.com/p/google-security-research/issues/detail?id=188
Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
Patch
Vendor Advisory