Vulnerability Details : CVE-2014-9667
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2014-9667
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9667
2.74%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-9667
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2014-9667
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9667
-
http://www.securityfocus.com/bid/72986
FreeType Versions Prior to 2.5.4 Multiple Remote Vulnerabilities
-
http://www.debian.org/security/2015/dsa-3188
Debian -- Security Information -- DSA-3188-1 freetypeThird Party Advisory
-
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
freetype/freetype2.git - The FreeType 2 libraryIssue Tracking
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
[SECURITY] Fedora 20 Update: freetype-2.5.0-9.fc20Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
openSUSE-SU-2015:0627-1: moderate: Security update for freetype2Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
[SECURITY] Fedora 21 Update: freetype-2.5.3-15.fc21Third Party Advisory
-
https://security.gentoo.org/glsa/201503-05
FreeType: Multiple vulnerabilities (GLSA 201503-05) — Gentoo security
-
http://www.ubuntu.com/usn/USN-2510-1
USN-2510-1: FreeType vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://advisories.mageia.org/MGASA-2015-0083.html
Mageia Advisory: MGASA-2015-0083 - Updated freetype2 packages fix security vulnerabilitiesThird Party Advisory
-
http://code.google.com/p/google-security-research/issues/detail?id=166
166 - FreeType 2.5.3 SFNT parsing integer overflows - project-zero - MonorailExploit
-
http://rhn.redhat.com/errata/RHSA-2015-0696.html
RHSA-2015:0696 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2739-1
USN-2739-1: FreeType vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to