Lucene search
RootSSV:61740HistoryMar 11, 2014 - 12:00 a.m.
FreeType 'src/cff/cf2hints.c'远程栈缓冲区溢出漏洞
2014-03-1100:00:00
Root
www.seebug.org
24
0.139 Low
EPSS
Percentile
95.7%
Bugtraq ID:66074
CVE ID:CVE-2014-2240
FreeType是一个流行的字体函数库。
FreeType ‘src/cff/cf2hints.c’ cf2_hintmap_build()函数处理’stem hints’存在一个越界基于栈的读/写漏洞,允许攻击者利用漏洞构建恶意字体,诱使应用解析,可使应用程序崩溃。
0
FreeType < 2.5.3
厂商补丁:
FreeType
用户可参考厂商的GIT库以获得补丁修复此漏洞:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6
Related
fedora
fedora
[SECURITY] Fedora 21 Update: mingw-freetype-2.5.4-1.fc21
2015-01-02 05:01:40
[SECURITY] Fedora 21 Update: freetype-2.5.3-13.fc21
2014-12-23 18:31:38
[SECURITY] Fedora 20 Update: freetype-2.5.0-7.fc20
2015-01-03 19:05:23
openvas
openvas
Fedora Update for mingw-freetype FEDORA-2014-17550
2015-01-05 00:00:00
Fedora Update for freetype FEDORA-2014-16840
2015-01-05 00:00:00
Slackware: Security Advisory (SSA:2015-016-01)
2022-04-21 00:00:00
cve
cve
CVE-2014-2240
2014-03-12 14:55:30
CVE-2014-9659
2015-02-08 11:59:21
nessus
nessus
Fedora 20 : freetype-2.5.0-7.fc20 (2014-16854)
2015-01-05 00:00:00
FreeBSD : freetype -- Out of bounds stack-based read/write (567beb1e-7e0a-11e4-b9cc-bcaec565249c)
2014-12-08 00:00:00
Fedora 21 : mingw-freetype-2.5.4-1.fc21 (2014-17550)
2015-01-02 00:00:00
gentoo
gentoo
FreeType: Arbitrary code execution
2014-08-09 00:00:00
slackware
slackware
[slackware-security] freetype
2015-01-17 06:43:52
cvelist
cvelist
CVE-2014-2240
2014-03-12 14:00:00
CVE-2014-9659
2015-02-08 11:00:00
freebsd
freebsd
freetype -- Out of bounds stack-based read/write
2014-12-07 00:00:00
nvd
nvd
CVE-2014-2240
2014-03-12 14:55:30
CVE-2014-9659
2015-02-08 11:59:21
prion
prion
Stack overflow
2014-03-12 14:55:00
Stack overflow
2015-02-08 11:59:00
debiancve
debiancve
CVE-2014-2240
2014-03-12 14:55:30
CVE-2014-9659
2015-02-08 11:59:21
mageia
mageia
Updated freetype2 packages fix security vulnerability
2014-12-13 23:16:05
Updated freetype2 packages fix security vulnerabilities
2014-03-15 20:26:54
securityvulns
securityvulns
FreeType memory corruption
2014-03-18 00:00:00
[USN-2148-1] FreeType vulnerabilities
2014-03-18 00:00:00
ubuntucve
ubuntucve
CVE-2014-9659
2015-02-08 00:00:00
CVE-2014-2240
2014-03-12 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2014-03-17 00:00:00
f5
f5
K16380 : FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00
SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00