CVE-2014-9675

Name: CVE-2014-9675
Description: bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-185-1, DSA-3188-1
NVD severity: medium (attack range: remote)
Debian Bugs: 777656

Vulnerable and fixed packages

The table below lists information on source packages.

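| Source Package | Release | Version | Status |
|---|---|---|---|
| freetype (PTS) | wheezy | 2.4.9-1.1+deb7u3 | fixed |
| freetype | wheezy (security) | 2.4.9-1.1+deb7u7 | fixed |
| freetype | jessie, jessie (security) | 2.5.2-3+deb8u2 | fixed |
| freetype | stretch | 2.6.3-3.2 | fixed |
| freetype | buster | 2.8-0.2 | fixed |
| freetype | sid | 2.8.1-0.1 | fixed |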

The information below is based on the following data on fixed versions.

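| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| freetype | source | (unstable) | 2.5.2-3 | medium | | 777656 |
| freetype | source | squeeze | 2.4.2-2.1+squeeze5 | medium | DLA-185-1 | |
| freetype | source | wheezy | 2.4.9-1.1+deb7u1 | medium | DSA-3188-1 | |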

Notes

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
https://code.google.com/p/google-security-research/issues/detail?id=151
