CVE-2014-9666medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.
References
http://advisories.mageia.org/MGASA-2015-0083.html
http://code.google.com/p/google-security-research/issues/detail?id=167
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.debian.org/security/2015/dsa-3188
http://www.mandriva.com/security/advisories?name=MDVSA-2015:055
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Configuration 4
OR
Configuration 5
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 6
OR
Configuration 7
OR
cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:* versions up to 2.5.3 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 82479 | Debian DLA-185-1 : freetype security update | Nessus | Debian Local Security Checks | high |
| 82461 | openSUSE Security Update : freetype2 (openSUSE-2015-274) | Nessus | SuSE Local Security Checks | high |
| 82342 | Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:089) | Nessus | Mandriva Local Security Checks | high |
| 81938 | Mandriva Linux Security Advisory : freetype2 (MDVSA-2015:055) | Nessus | Mandriva Local Security Checks | high |
| 81832 | Debian DSA-3188-1 : freetype - security update | Nessus | Debian Local Security Checks | high |
| 81752 | SuSE 11.3 Security Update : freetype2 (SAT Patch Number 10386) | Nessus | SuSE Local Security Checks | high |
| 81690 | GLSA-201503-05 : FreeType: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 81509 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : freetype vulnerabilities (USN-2510-1) | Nessus | Ubuntu Local Security Checks | high |
| 81429 | Fedora 20 : freetype-2.5.0-9.fc20 (2015-2216) | Nessus | Fedora Local Security Checks | high |
| 81415 | Fedora 21 : freetype-2.5.3-15.fc21 (2015-2237) | Nessus | Fedora Local Security Checks | high |