https://bugzilla.redhat.com/show_bug.cgi?id=1191192
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |low Summary|CVE-2014-9675 freetype: |CVE-2014-9675 freetype: |bypass the ASLR protection |information leak in |mechanism via a crafted BDF |_bdf_add_property() |font | Whiteboard|impact=moderate,public=2015 |impact=low,public=20150208, |0208,reported=20150209,sour |reported=20150209,source=su |ce=suse,cvss2=3.7/AV:L/AC:H |se,cvss2=4.3/AV:N/AC:M/Au:N |/Au:N/C:P/I:P/A:P,fedora-al |/C:P/I:N/A:N,rhel-4/freetyp |l/freetype=affected,rhel-5/ |e=wontfix,rhel-5/freetype=w |freetype=new,rhel-6/freetyp |ontfix,rhel-6/freetype=affe |e=new,rhel-7/freetype=new |cted,rhel-7/freetype=affect | |ed,rhev-m-3/mingw-virt-view | |er=affected,fedora-all/free | |type=affected,fedora-all/mi | |ngw-freetype=affected,epel- | |7/mingw-freetype=affected Severity|medium |low
--- Comment #4 from Tomas Hoger thoger@redhat.com --- Upstream bug is: https://savannah.nongnu.org/bugs/?43535
Issue was fixed upstream in 2.5.4.
This issue possibly leads to disclosure of portion of process memory. Leaked information is heap pointer, so it may provide information to bypass address space layout randomization (ASLR) and hence make it easier to exploit other flaws in the application.