Published: 08/02/2015 Updated: 30/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple integer overflows in sfnt/ttcmap.c in FreeType prior to 2.5.4 allow remote malicious users to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 15.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 10.04
freetype freetype
redhat enterprise linux server eus 7.1
redhat enterprise linux hpc node eus 7.1
redhat enterprise linux server eus 6.6.z
redhat enterprise linux workstation 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 6.0
redhat enterprise linux server 6.0
redhat enterprise linux hpc node 7.0
redhat enterprise linux desktop 7.0
redhat enterprise linux hpc node 6
redhat enterprise linux desktop 6.0
oracle solaris 11.2
oracle solaris 10.0
opensuse opensuse 13.2
opensuse opensuse 13.1
debian debian linux 7.0
fedoraproject fedora 21
fedoraproject fedora 20

Debian Bug report logs - #777656 freetype: various new security issues Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 11 Feb 2015 06:54:07 UTC Severity: grave Tags: fixed-upstream, security, upstream Fo ...

FreeType could be made to crash or run programs as your login if it opened a specially crafted file ...

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype Opening malformed fonts may result in denial of service or the execution of arbitrary code For the stable distribution (wheezy), these problems have been fixed in version 249-11+deb7u1 For the upcoming stable distribution (jessie), these problems have been fixed in version 252- ...

Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the us ...

CWE-125 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565 http://code.google.com/p/google-security-research/issues/detail?id=163 http://www.ubuntu.com/usn/USN-2510-1 http://www.debian.org/security/2015/dsa-3188 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html http://rhn.redhat.com/errata/RHSA-2015-0696.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:055 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html http://advisories.mageia.org/MGASA-2015-0083.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html http://www.ubuntu.com/usn/USN-2739-1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72986 https://security.gentoo.org/glsa/201503-05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656 https://usn.ubuntu.com/2510-1/https://nvd.nist.gov

CVE-2014-9669

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect