7.5

CVE-2014-9661

Exploit
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
DebianDebian Linux Version7.0
FreetypeFreetype Version <= 2.5.3
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
FedoraprojectFedora Version20
FedoraprojectFedora Version21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.36% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.ubuntu.com/usn/USN-2739-1
http://advisories.mageia.org/MGASA-2015-0083.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.debian.org/security/2015/dsa-3188
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
https://security.gentoo.org/glsa/201503-05
http://rhn.redhat.com/errata/RHSA-2015-0696.html
http://code.google.com/p/google-security-research/issues/detail?id=187
Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html