Lucene search

K
nvd[email protected]NVD:CVE-2014-9665
HistoryFeb 08, 2015 - 11:59 a.m.

CVE-2014-9665

2015-02-0811:59:27
CWE-119
web.nvd.nist.gov
3

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.039

Percentile

92.0%

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.

Affected configurations

NVD
Node
fedoraprojectfedoraMatch20
OR
fedoraprojectfedoraMatch21
Node
canonicalubuntu_linuxMatch10.04lts
OR
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch14.10
OR
canonicalubuntu_linuxMatch15.10
Node
freetypefreetypeRange≀2.5.3
Node
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.039

Percentile

92.0%