Vulnerability Details : CVE-2014-9745
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
Vulnerability category: Denial of service
Products affected by CVE-2014-9745
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9745
6.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-9745
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-9745
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9745
-
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75
freetype/freetype2.git - The FreeType 2 library
-
http://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html
openSUSE-SU-2015:1704-1: moderate: Security update for freetype2
-
http://savannah.nongnu.org/bugs/index.php?41590
The FreeType Project - Bugs: bug #41590, infinite loop in parse_encoding... [Savannah]
-
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124
Bug #1492124 “infinite loop in parse_encoding (t1load.c)” : Bugs : freetype package : Ubuntu
-
http://www.debian.org/security/2015/dsa-3370
Debian -- Security Information -- DSA-3370-1 freetype
-
http://www.securitytracker.com/id/1033536
FreeType Bugs Let Remote Users Deny Service and Local Users Obtain Potentially Sensitive Information - SecurityTracker
-
http://www.securityfocus.com/bid/76727
FreeType 't1load.c' Denial of Service Vulnerability
-
https://code.google.com/p/chromium/issues/detail?id=459050
459050 - Google Chrome hang when parsing a PDF - chromium - Monorail
-
http://www.ubuntu.com/usn/USN-2739-1
USN-2739-1: FreeType vulnerabilities | Ubuntu security notices
Jump to