Your submission was sent successfully! Close

CVE-2014-9675

Published: 8 February 2015

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Priority

Medium

Status

Package Release Status
freetype
Launchpad, Ubuntu, Debian
lucid
Released (2.3.11-1ubuntu2.8)
precise
Released (2.4.8-1ubuntu2.2)
trusty
Released (2.5.2-1ubuntu2.4)
upstream
Released (2.5.4)
utopic
Released (2.5.2-2ubuntu1.1)