bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-02-08T11:00:00

Updated: 2024-08-06T13:55:04.532Z

Reserved: 2015-02-07T00:00:00

Link: CVE-2014-9675

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-02-08T11:59:36.490

Modified: 2024-11-21T02:21:24.913

Link: CVE-2014-9675

cve-icon Redhat

Severity : Low

Publid Date: 2015-02-08T00:00:00Z

Links: CVE-2014-9675 - Bugzilla