Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2014-9659

Опубликовано: 08 фев. 2015
Источник: debian

Описание

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
freetypefixed2.5.2-3package
freetypenot-affectedwheezypackage
freetypenot-affectedsqueezepackage

Примечания

  • https://savannah.nongnu.org/bugs/?43661

  • http://code.google.com/p/google-security-research/issues/detail?id=190

  • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8

  • CVE due to incomplete fix for CVE-2014-2240

Связанные уязвимости

ubuntu логотип

CVE-2014-9659

ubuntu
почти 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

redhat логотип

CVE-2014-9659

redhat
около 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

nvd логотип

CVE-2014-9659

nvd
почти 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

github логотип

GHSA-mhjx-8fg8-xcp5

github
больше 3 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

suse-cvrf логотип

SUSE-SU-2015:0463-1

suse-cvrf
почти 11 лет назад

Security update for freetype2