CVE-2014-9675
published 2015-02-08CVE-2014-9675: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to…
medium5CVSS 3.1
AVNACLAuNCPINAN
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | freetype | < freetype 2.5.2-3 (bookworm) | freetype 2.5.2-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freetype | freetype | <= 2.5.3 | — |
| freetype | freetype | >= 0 < 2.5.2-3 | 2.5.2-3 |
| freetype | freetype | >= 0 < 2.5.2-3 | 2.5.2-3 |
| freetype | freetype | >= 0 < 2.5.2-3 | 2.5.2-3 |
| freetype | freetype | >= 0 < 2.5.2-3 | 2.5.2-3 |
| android | — | — | |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_hpc_node_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_eus | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM