Home > Vulnerability Database > CVE-2014-9675

Mend.io Vulnerability Database

CVE-2014-9675

Date: February 8, 2015

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Language: C

Severity Score

5.3

Related Resources (19)

Url: http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Url: http://www.debian.org/security/2015/dsa-3188

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2015:055

Url: http://www.securityfocus.com/bid/72986

Url: http://www.ubuntu.com/usn/USN-2739-1

Url: http://code.google.com/p/google-security-research/issues/detail?id=151

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-9675

Url: http://rhn.redhat.com/errata/RHSA-2015-0696.html

Url: http://www.ubuntu.com/usn/USN-2510-1

Url: https://source.android.com/security/bulletin/2016-11-01.html

Url: http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html

Url: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7

Url: http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html

Url: https://security.gentoo.org/glsa/201503-05

Url: http://advisories.mageia.org/MGASA-2015-0083.html

Url: https://security-tracker.debian.org/tracker/CVE-2014-9675

Url: https://access.redhat.com/security/cve/CVE-2014-9675

Url: https://www.mend.io/vulnerability-database/CVE-2014-9675

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-9675

Date: February 8, 2015

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?