Published: 08/02/2015 Updated: 30/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Enterprise Linux Server Eus

FreeType prior to 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote malicious users to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux server eus 6.6.z
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 6.0
redhat enterprise linux server 6.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux hpc node 6
redhat enterprise linux desktop 6.0
redhat enterprise linux server eus 7.1
redhat enterprise linux hpc node eus 7.1
debian debian linux 7.0
opensuse opensuse 13.2
opensuse opensuse 13.1
canonical ubuntu linux 15.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04
fedoraproject fedora 20
fedoraproject fedora 21
freetype freetype
oracle solaris 10.0
oracle solaris 11.2

Debian Bug report logs - #777656 freetype: various new security issues Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Feb 2015 06:54:07 UTC Severity: grave Tags: fixed-upstream, security, upstream Fo ...

FreeType could be made to crash or run programs as your login if it opened a specially crafted file ...

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype Opening malformed fonts may result in denial of service or the execution of arbitrary code For the stable distribution (wheezy), these problems have been fixed in version 249-11+deb7u1 For the upcoming stable distribution (jessie), these problems have been fixed in version 252- ...

Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the us ...

CWE-119 http://code.google.com/p/google-security-research/issues/detail?id=183 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd http://www.ubuntu.com/usn/USN-2510-1 http://www.debian.org/security/2015/dsa-3188 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://rhn.redhat.com/errata/RHSA-2015-0696.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:055 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://advisories.mageia.org/MGASA-2015-0083.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.ubuntu.com/usn/USN-2739-1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72986 https://security.gentoo.org/glsa/201503-05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656 https://usn.ubuntu.com/2510-1/https://nvd.nist.gov

CVE-2014-9664

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect