PT-2015-4345 · Freetype+3 · Freetype+3

Mateusz Jurczyk

·

Publicado

2014-12-07

·

Atualizado

2024-06-15

·

CVE-2014-9672

CVSS v2.0

5.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions FreeType versions prior to 2.5.4
Description The issue is related to an array index error in the parse fond function, which can be exploited by remote attackers to cause a denial of service or obtain sensitive information from process memory. This can be achieved through a crafted FOND resource in a Mac font file.
Recommendations For versions prior to 2.5.4, update to version 2.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to Mac font files to minimize the risk of exploitation.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-2420
CVE-2014-9672
DLA-185-1
DSA-3188-1
MGASA-2015-0083
OPENSUSE-SU-2024:10172-1
OPENSUSE-SU-2024:10438-1
SUSE-SU-2015:0455-1
SUSE-SU-2015:0463-1
USN-2510-1

Produtos afetados

Alt Linux
Freetype
Suse
Ubuntu