CVE-2014-9661

2015-02-0811:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2014-9661

freetype

denial of service

use-after-free

nvd

type42 font

7.9 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.7%

JSON

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.04
debian:debian_linuxdebian debian linuxeq7.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq7.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq7.0
redhat:enterprise_linux_server_eusredhat enterprise linux server euseq6.6.z
redhat:enterprise_linux_serverredhat enterprise linux servereq7.0

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	10.04
debian:debian_linux	debian debian linux	eq	7.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	7.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	7.0
redhat:enterprise_linux_server_eus	redhat enterprise linux server eus	eq	6.6.z
redhat:enterprise_linux_server	redhat enterprise linux server	eq	7.0