NVD

Id
36282  
Name
CVE-2014-9663  
Description
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field"s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-02-08  
Modified Date
2017-01-02  
Seq
2014-9663  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
185440 36282 CVE-2014-9663 http://advisories.mageia.org/MGASA-2015-0083.html  View
185441 36282 CVE-2014-9663 http://code.google.com/p/google-security-research/issues/detail?id=184  View
185442 36282 CVE-2014-9663 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1  View
185443 36282 CVE-2014-9663 FEDORA-2015-2237  View
185444 36282 CVE-2014-9663 FEDORA-2015-2216  View
185445 36282 CVE-2014-9663 openSUSE-SU-2015:0627  View
185446 36282 CVE-2014-9663 RHSA-2015:0696  View
185447 36282 CVE-2014-9663 DSA-3188  View
185448 36282 CVE-2014-9663 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
185449 36282 CVE-2014-9663 72986  View
185450 36282 CVE-2014-9663 USN-2510-1  View
185451 36282 CVE-2014-9663 USN-2739-1  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18997 JVNDB-2014-007872 FreeType の sfnt/ttcmap.c 内の tt_cmap4_validate 関数におけるサービス運用妨害 (DoS) の脆弱性 FreeType の sfnt/ttcmap.c 内の tt_cmap4_validate 関数は、フィールド値の計算が完了する前に length フィールドを検証するため、サービス運用妨害 (out-of-bounds read) 状態にされるなど、不特定の影響を受ける脆弱性が存在します。 CVE-2014-9663 76956 CVE-2014-9663 36282 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007872.html 2014-11-22 2015-05-25 View