CVE-2014-9746

EPSS 0.85%
Published 07.06.2016 14:06:01
Last modified 12.04.2025 10:46:40
Source security@ubuntu.com
Teams watchlist Login
Open Login

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Freetype ≫ Freetype Version <= 2.5.3

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.85%	0.739

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.debian.org/security/2015/dsa-3370

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1

http://www.openwall.com/lists/oss-security/2015/09/11/4

http://www.openwall.com/lists/oss-security/2015/09/25/4

https://savannah.nongnu.org/bugs/?41309

https://nvd.nist.gov/vuln/detail/CVE-2014-9746

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-9746

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-9746

EUVD