PublicDateAtUSN: 2015-02-08
Candidate: CVE-2014-9675
PublicDate: 2015-02-08 11:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9675
 https://ubuntu.com/security/notices/USN-2510-1
Description:
 bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
 http://code.google.com/p/google-security-research/issues/detail?id=151
 https://savannah.nongnu.org/bugs/?43535
Priority: medium
Discovered-by: Mateusz Jurczyk
Assigned-to: mdeslaur
CVSS:
Patches_freetype:
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9a56764037dfc01a89fe61f5c67971bf50343d00 (bp)
 upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
upstream_freetype: released (2.5.4)
lucid_freetype: released (2.3.11-1ubuntu2.8)
precise_freetype: released (2.4.8-1ubuntu2.2)
trusty_freetype: released (2.5.2-1ubuntu2.4)
trusty/esm_freetype: released (2.5.2-1ubuntu2.4)
utopic_freetype: released (2.5.2-2ubuntu1.1)
devel_freetype: released (2.5.2-2ubuntu3)