CVE-2014-9675

NameCVE-2014-9675
Descriptionbdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-185-1, DSA-3188-1
Debian Bugs777656

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freetype (PTS)jessie, jessie (lts)2.5.2-3+deb8u6fixed
stretch (security)2.6.3-3.2+deb9u2fixed
stretch (lts), stretch2.6.3-3.2+deb9u3fixed
buster2.9.1-3+deb10u3fixed
buster (security), buster (lts)2.9.1-3+deb10u2fixed
bullseye2.10.4+dfsg-1+deb11u1fixed
bookworm2.12.1+dfsg-5+deb12u3fixed
sid, trixie2.13.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freetypesourcesqueeze2.4.2-2.1+squeeze5DLA-185-1
freetypesourcewheezy2.4.9-1.1+deb7u1DSA-3188-1
freetypesource(unstable)2.5.2-3777656

Notes

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
https://code.google.com/p/google-security-research/issues/detail?id=151
Search for package or bug name: Reporting problems