Lucene search

MitreCVE-2014-9660

HistoryFeb 08, 2015 - 11:59 a.m.

CVE-2014-9660

2015-02-0811:59:22

CWE-476

mitre

web.nvd.nist.gov

cve-2014-9660

freetype

denial of service

null pointer dereference

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.027

Percentile

90.7%

JSON

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch14.10

canonicalubuntu_linuxMatch15.04

Node

debiandebian_linuxMatch7.0

Node

oraclesolarisMatch10.0

oraclesolarisMatch11.2

Node

fedoraprojectfedoraMatch20

fedoraprojectfedoraMatch21

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_hpc_nodeMatch6

redhatenterprise_linux_hpc_nodeMatch7.0

redhatenterprise_linux_hpc_node_eusMatch7.1

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_eusMatch6.6.z

redhatenterprise_linux_server_eusMatch7.1

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

freetypefreetypeRange≤2.5.3

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.10cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
canonicalubuntu_linux15.04cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
oraclesolaris10.0cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*
oraclesolaris11.2cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
canonical	ubuntu_linux	14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
canonical	ubuntu_linux	15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
oracle	solaris	10.0	cpe:2.3:o:oracle:solaris:10.0:::::::*
oracle	solaris	11.2	cpe:2.3:o:oracle:solaris:11.2:::::::*