5

CVE-2014-9675

Exploit
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
FreetypeFreetype Version <= 2.5.3
DebianDebian Linux Version7.0
FedoraprojectFedora Version20
FedoraprojectFedora Version21
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.16% 0.896
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2739-1
Third Party Advisory
https://source.android.com/security/bulletin/2016-11-01.html
http://advisories.mageia.org/MGASA-2015-0083.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
Third Party Advisory
http://www.debian.org/security/2015/dsa-3188
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
Third Party Advisory
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
Third Party Advisory
https://security.gentoo.org/glsa/201503-05
http://rhn.redhat.com/errata/RHSA-2015-0696.html
Third Party Advisory
http://code.google.com/p/google-security-research/issues/detail?id=151
Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
Issue Tracking