Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-9674

Опубликовано: 08 фев. 2015
Источник: redhat
CVSS2: 6.8

Описание

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4freetypeWill not fix
Red Hat Enterprise Linux 5freetypeWill not fix
Red Hat Enterprise Virtualization 3mingw-virt-viewerAffected
Red Hat Enterprise Linux 6freetypeFixedRHSA-2015:069617.03.2015
Red Hat Enterprise Linux 7freetypeFixedRHSA-2015:069617.03.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1191190freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-9674

ubuntu
больше 10 лет назад

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

nvd логотип

CVE-2014-9674

nvd
больше 10 лет назад

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

debian логотип

CVE-2014-9674

debian
больше 10 лет назад

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType befor ...

github логотип

GHSA-7xpj-88fg-h2mj

github
больше 3 лет назад

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

oracle-oval логотип

ELSA-2015-0696

oracle-oval
больше 10 лет назад

ELSA-2015-0696: freetype security update (IMPORTANT)

6.8 Medium

CVSS2