Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9659

Опубликовано: 24 нояб. 2014
Источник: redhat
CVSS2: 6.8
EPSS Низкий

Описание

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Отчет

Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4freetypeNot affected
Red Hat Enterprise Linux 5freetypeNot affected
Red Hat Enterprise Linux 6freetypeNot affected
Red Hat Enterprise Linux 7freetypeNot affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1191081freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter

EPSS

Процентиль: 86%
0.02866
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9659

ubuntu
почти 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

nvd логотип

CVE-2014-9659

nvd
почти 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

debian логотип

CVE-2014-9659

debian
почти 11 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2. ...

github логотип

GHSA-mhjx-8fg8-xcp5

github
больше 3 лет назад

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

suse-cvrf логотип

SUSE-SU-2015:0463-1

suse-cvrf
почти 11 лет назад

Security update for freetype2

EPSS

Процентиль: 86%
0.02866
Низкий

6.8 Medium

CVSS2