bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-02-08T11:00:00
Updated: 2024-08-06T13:55:04.532Z
Reserved: 2015-02-07T00:00:00
Link: CVE-2014-9675
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-02-08T11:59:36.490
Modified: 2024-11-21T02:21:24.913
Link: CVE-2014-9675
Redhat