Lucene search
Ubuntu.comUB:CVE-2014-9666HistoryFeb 08, 2015 - 12:00 a.m.
CVE-2014-9666
2015-02-0800:00:00
ubuntu.com
ubuntu.com
12
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4
proceeds with a count-to-size association without restricting the count
value, which allows remote attackers to cause a denial of service (integer
overflow and out-of-bounds read) or possibly have unspecified other impact
via a crafted embedded bitmap.
Bugs
- <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656>
- <http://savannah.nongnu.org/bugs/?43591>
- <http://code.google.com/p/google-security-research/issues/detail?id=167>
Notes
| Author | Note |
|---|---|
| mdeslaur | in precise, this is in src/sfnt/ttsbit0.c |
Related
cve
cve
CVE-2014-9666
2015-02-08 11:59:28
nvd
nvd
CVE-2014-9666
2015-02-08 11:59:28
debiancve
debiancve
CVE-2014-9666
2015-02-08 11:59:28
prion
prion
Integer overflow
2015-02-08 11:59:00
cvelist
cvelist
CVE-2014-9666
2015-02-08 11:00:00
openvas
openvas
Debian: Security Advisory (DSA-3188-1)
2015-03-14 00:00:00
Debian Security Advisory DSA 3188-1 (freetype - security update)
2015-03-15 00:00:00
Debian: Security Advisory (DLA-185-1)
2023-03-08 00:00:00
osv
osv
freetype - security update
2015-03-15 00:00:00
freetype - security update
2015-04-01 00:00:00
debian
debian
[SECURITY] [DSA 3188-1] freetype security update
2015-03-15 19:49:03
[SECURITY] [DLA 185-1] freetype security update
2015-03-31 23:30:23
nessus
nessus
Debian DSA-3188-1 : freetype - security update
2015-03-17 00:00:00
Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:055)
2015-03-19 00:00:00
Fedora 21 : freetype-2.5.3-15.fc21 (2015-2237)
2015-02-20 00:00:00
mageia
mageia
Updated freetype2 packages fix security vulnerabilities
2015-02-25 00:20:13
ubuntu
ubuntu
FreeType vulnerabilities
2015-02-24 00:00:00
securityvulns
securityvulns
[USN-2510-1] FreeType vulnerabilities
2015-03-08 00:00:00
Freetype multiple security vulnerabilities
2015-03-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: freetype-2.5.3-15.fc21
2015-02-19 18:01:31
[SECURITY] Fedora 20 Update: freetype-2.5.0-9.fc20
2015-02-20 08:31:09
gentoo
gentoo
FreeType: Multiple vulnerabilities
2015-03-08 00:00:00
ibm
ibm
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%
Related for UB:CVE-2014-9666