CVE-2014-9675

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7	Issue Tracking
http://code.google.com/p/google-security-research/issues/detail?id=151	Exploit
http://www.ubuntu.com/usn/USN-2510-1	Third Party Advisory
http://www.debian.org/security/2015/dsa-3188	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0696.html	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055	Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html	Third Party Advisory
http://advisories.mageia.org/MGASA-2015-0083.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html	Third Party Advisory
http://www.ubuntu.com/usn/USN-2739-1	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html	Third Party Advisory
https://source.android.com/security/bulletin/2016-11-01.html
http://www.securityfocus.com/bid/72986
https://security.gentoo.org/glsa/201503-05

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 2 (hide)

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:21:::::::*
	cpe:2.3:o:fedoraproject:fedora:20:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Information

Published : 2015-02-08 03:59

Updated : 2018-10-30 09:27

NVD link : CVE-2014-9675

Mitre link : CVE-2014-9675

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

redhat

enterprise_linux_desktop
enterprise_linux_hpc_node
enterprise_linux_workstation
enterprise_linux_server_eus
enterprise_linux_hpc_node_eus
enterprise_linux_server

freetype

freetype

fedoraproject

fedora

canonical

ubuntu_linux

debian

debian_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7", "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://code.google.com/p/google-security-research/issues/detail?id=151", "name": "http://code.google.com/p/google-security-research/issues/detail?id=151", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.ubuntu.com/usn/USN-2510-1", "name": "USN-2510-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.debian.org/security/2015/dsa-3188", "name": "DSA-3188", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html", "name": "FEDORA-2015-2216", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0696.html", "name": "RHSA-2015:0696", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:055", "name": "MDVSA-2015:055", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html", "name": "FEDORA-2015-2237", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://advisories.mageia.org/MGASA-2015-0083.html", "name": "http://advisories.mageia.org/MGASA-2015-0083.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html", "name": "openSUSE-SU-2015:0627", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/USN-2739-1", "name": "USN-2739-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://source.android.com/security/bulletin/2016-11-01.html", "name": "https://source.android.com/security/bulletin/2016-11-01.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/72986", "name": "72986", "tags": [], "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201503-05", "name": "GLSA-201503-05", "tags": [], "refsource": "GENTOO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-9675", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-02-08T11:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:27Z"}

5.0 /10