| Name | CVE-2014-9675 |
| Description | bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-185-1, DSA-3188-1 |
| Debian Bugs | 777656 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| freetype (PTS) | buster | 2.9.1-3+deb10u3 | fixed |
| buster (security) | 2.9.1-3+deb10u2 | fixed | |
| bullseye | 2.10.4+dfsg-1+deb11u1 | fixed | |
| bookworm | 2.12.1+dfsg-5 | fixed | |
| sid, trixie | 2.13.2+dfsg-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| freetype | source | squeeze | 2.4.2-2.1+squeeze5 | DLA-185-1 | ||
| freetype | source | wheezy | 2.4.9-1.1+deb7u1 | DSA-3188-1 | ||
| freetype | source | (unstable) | 2.5.2-3 | 777656 |
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
https://code.google.com/p/google-security-research/issues/detail?id=151