[Bug 1191192] New: CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font

bugzilla at redhat.com bugzilla at redhat.com
Tue Feb 10 16:21:56 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1191192

            Bug ID: 1191192
           Summary: CVE-2014-9675 freetype: bypass the ASLR protection
                    mechanism via a crafted BDF font
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: behdad at fedoraproject.org,
                    fonts-bugs at lists.fedoraproject.org,
                    kevin at tigcc.ticalc.org, mkasik at redhat.com



bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only
verifying that an initial substring is present, which allows remote attackers
to discover heap pointer values and bypass the ASLR protection mechanism via a
crafted BDF font.

Upstream issue:

http://code.google.com/p/google-security-research/issues/detail?id=151

Upstream patch:

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
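
A minimal illustration of the flaw class described above, added here and not taken from FreeType's bdflib.c or the upstream patch: a prefix-only property-name check beside one that also requires the name to end at a token boundary. The function names and the sample property lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Prefix-only check, the class of bug described above: any line that merely
 * starts with the expected property name is accepted as that property. */
static int is_property_prefix_only(const char *line, const char *name)
{
    return strncmp(line, name, strlen(name)) == 0;
}

/* Hardened check: the name must match and must end at a token boundary
 * (end of string or whitespace), so longer look-alike names are rejected. */
static int is_property_exact(const char *line, const char *name)
{
    size_t n = strlen(name);

    if (strncmp(line, name, n) != 0)
        return 0;
    return line[n] == '\0' || strchr(" \t\r\n", line[n]) != NULL;
}

/* Count lines a prefix-only parser would misidentify as the named property. */
static int count_misidentified(const char *const *lines, size_t count,
                               const char *name)
{
    int bad = 0;

    for (size_t i = 0; i < count; i++)
        if (is_property_prefix_only(lines[i], name) &&
            !is_property_exact(lines[i], name))
            bad++;
    return bad;
}

/* Constructed BDF-style property lines (not taken from a real font). */
static const char *const sample_lines[] = {
    "FONT_ASCENT 14",
    "FONT_ASCENT\t14",
    "FONT_ASCENTX \"text\"",
    "FONT_ASCENT_EXTRA 3",
    "FONT_DESCENT 4",
};

int main(void)
{
    printf("misidentified as FONT_ASCENT: %d\n",
           count_misidentified(sample_lines, 5, "FONT_ASCENT"));
    return 0;
}
```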
