FKIE_CVE-2014-9675

Vulnerability from fkie_nvd - Published: 2015-02-08 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
References
cve@mitre.orghttp://advisories.mageia.org/MGASA-2015-0083.htmlThird Party Advisory
cve@mitre.orghttp://code.google.com/p/google-security-research/issues/detail?id=151Exploit
cve@mitre.orghttp://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7Issue Tracking
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.htmlThird Party Advisory
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.htmlThird Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2015-03/msg00091.htmlThird Party Advisory
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2015-0696.htmlThird Party Advisory
cve@mitre.orghttp://www.debian.org/security/2015/dsa-3188Third Party Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2015:055Third Party Advisory
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/72986
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2510-1Third Party Advisory
cve@mitre.orghttp://www.ubuntu.com/usn/USN-2739-1Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201503-05
cve@mitre.orghttps://source.android.com/security/bulletin/2016-11-01.html
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2015-0083.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://code.google.com/p/google-security-research/issues/detail?id=151Exploit
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7Issue Tracking
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-0696.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2015:055Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/72986
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2510-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2739-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201503-05
af854a3a-2127-422b-91ae-364da2661108https://source.android.com/security/bulletin/2016-11-01.html
Impacted products
Vendor Product Version
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
canonical ubuntu_linux 15.04
freetype freetype *
debian debian_linux 7.0
fedoraproject fedora 20
fedoraproject fedora 21
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_hpc_node 6.0
redhat enterprise_linux_hpc_node 7.0
redhat enterprise_linux_hpc_node_eus 7.1
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_eus 6.6.z
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
opensuse opensuse 13.1
opensuse opensuse 13.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05EE9A32-E91F-4C68-B3A9-AC5AB35C2BB3",
              "versionEndIncluding": "2.5.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7071F0C7-E43E-4F2E-9FEB-E8FB3DEA4749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB4F7C3-1521-42B6-9820-15C2B156BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font."
    },
    {
      "lang": "es",
      "value": "bdf/bdflib.c en FreeType anterior a 2.5.4 identifica los nombres de propiedades con solamente verificar que una subcadena inicial est\u00e9 presente, lo que permite a atacantes remotos descubrir valores de punteros de la memoria din\u00e1mica y evadir el mecanismo de protecci\u00f3n ASLR a trav\u00e9s de una fuente BDF manipulada."
    }
  ],
  "id": "CVE-2014-9675",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-08T11:59:36.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0083.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/google-security-research/issues/detail?id=151"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/72986"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2510-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2739-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201503-05"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://advisories.mageia.org/MGASA-2015-0083.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://code.google.com/p/google-security-research/issues/detail?id=151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2510-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2739-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201503-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://source.android.com/security/bulletin/2016-11-01.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.