NVD

Id
36294  
Name
CVE-2014-9675  
Description
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2015-02-08  
Modified Date
2017-01-02  
Seq
2014-9675  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
185572 36294 CVE-2014-9675 http://advisories.mageia.org/MGASA-2015-0083.html  View
185573 36294 CVE-2014-9675 http://code.google.com/p/google-security-research/issues/detail?id=151  View
185574 36294 CVE-2014-9675 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7  View
185575 36294 CVE-2014-9675 FEDORA-2015-2237  View
185576 36294 CVE-2014-9675 FEDORA-2015-2216  View
185577 36294 CVE-2014-9675 openSUSE-SU-2015:0627  View
185578 36294 CVE-2014-9675 RHSA-2015:0696  View
185579 36294 CVE-2014-9675 DSA-3188  View
185580 36294 CVE-2014-9675 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html  View
185581 36294 CVE-2014-9675 72986  View
185582 36294 CVE-2014-9675 USN-2510-1  View
185583 36294 CVE-2014-9675 USN-2739-1  View
185584 36294 CVE-2014-9675 https://source.android.com/security/bulletin/2016-11-01.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18995 JVNDB-2014-007870 FreeType の bdf/bdflib.c におけるヒープポインタ値を取得される脆弱性 FreeType の bdf/bdflib.c は、先頭文字列の存在を検証することのみでプロパティ名を識別するため、ヒープポインタ値を取得される、および ASLR 保護メカニズムを回避される脆弱性が存在します。 CVE-2014-9675 76968 CVE-2014-9675 36294 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007870.html 2014-11-07 2015-05-13 View