CVE-2014-9659 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-9659?

CVE-2014-9659 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-9659?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Freetype Freetype, Fedoraproject Fedora, Opensuse Opensuse, Canonical Ubuntu Linux.

Vulnerability Description

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Oracle	Solaris	10.0
Freetype	Freetype	<= 2.5.3
Fedoraproject	Fedora	20
Opensuse	Opensuse	13.1
Canonical	Ubuntu Linux	10.04

Related Weaknesses (CWE)

CWE-119

References

http://code.google.com/p/google-security-research/issues/detail?id=190Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f8732PatchVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory
http://www.ubuntu.com/usn/USN-2510-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2739-1Third Party Advisory
https://security.gentoo.org/glsa/201503-05
http://code.google.com/p/google-security-research/issues/detail?id=190Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f8732PatchVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.hThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.hThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlThird Party Advisory

FAQ

What is CVE-2014-9659?

CVE-2014-9659 is a vulnerability with a CVSS score of 7.5 (HIGH). cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code ...

How severe is CVE-2014-9659?

CVE-2014-9659 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9659?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Freetype Freetype, Fedoraproject Fedora, Opensuse Opensuse, Canonical Ubuntu Linux.