Unrated severity · NVD Advisory · Published Feb 8, 2015 · Updated Jun 17, 2026
CVE-2014-9675
Description
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
Affected products (32)
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
osv-coords (9 versions)
- pkg:rpm/opensuse/freetype2&distro=openSUSE%20Tumbleweed
- pkg:rpm/opensuse/ft2demos&distro=openSUSE%20Tumbleweed
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Server%2012
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
- pkg:rpm/suse/freetype2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
- pkg:rpm/suse/ft2demos&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
- pkg:rpm/suse/ft2demos&distro=SUSE%20Linux%20Enterprise%20Server%2012
- pkg:rpm/suse/ft2demos&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Version ranges:
- (no CPE) range: < 2.7-1.1
- (no CPE) range: < 2.7-1.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
- (no CPE) range: < 2.5.3-5.1
References (15)
- code.google.com/p/google-security-research/issues/detail (nvd; Exploit)
- advisories.mageia.org/MGASA-2015-0083.html (nvd; Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html (nvd; Third Party Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html (nvd; Third Party Advisory)
- lists.opensuse.org/opensuse-updates/2015-03/msg00091.html (nvd; Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2015-0696.html (nvd; Third Party Advisory)
- www.debian.org/security/2015/dsa-3188 (nvd; Third Party Advisory)
- www.mandriva.com/security/advisories (nvd; Third Party Advisory)
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-2510-1 (nvd; Third Party Advisory)
- www.ubuntu.com/usn/USN-2739-1 (nvd; Third Party Advisory)
- git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/ (nvd; Issue Tracking)
- www.securityfocus.com/bid/72986 (nvd)
- security.gentoo.org/glsa/201503-05 (nvd)
- source.android.com/security/bulletin/2016-11-01.html (nvd)