CVE-2014-9668 - OpenCVE

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Fedoraproject	Fedora
Canonical	Ubuntu Linux
Freetype	Freetype
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:20:::::::*
	cpe:2.3:o:fedoraproject:fedora:21:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

Configuration 4 [-]

cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*

References

Link	Resource
http://code.google.com/p/google-security-research/issues/detail?id=164	Exploit
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
http://www.securityfocus.com/bid/72986
http://www.ubuntu.com/usn/USN-2510-1
http://www.ubuntu.com/usn/USN-2739-1
https://security.gentoo.org/glsa/201503-05

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-02-08T11:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2015-02-07T00:00:00

Link: CVE-2014-9668

JSON object: View

NVD Information

Status : Modified

Published: 2015-02-08T11:59:29.977

Modified: 2018-10-30T16:27:35.843

Link: CVE-2014-9668

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/google-security-research/issues/detail?id=164"}, {"name": "GLSA-201503-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201503-05"}, {"name": "72986", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72986"}, {"name": "USN-2739-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2739-1"}, {"name": "openSUSE-SU-2015:0627", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"}, {"name": "FEDORA-2015-2216", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"}, {"name": "USN-2510-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2510-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538"}, {"name": "FEDORA-2015-2237", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/google-security-research/issues/detail?id=164", "refsource": "MISC", "url": "http://code.google.com/p/google-security-research/issues/detail?id=164"}, {"name": "GLSA-201503-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201503-05"}, {"name": "72986", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72986"}, {"name": "USN-2739-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2739-1"}, {"name": "openSUSE-SU-2015:0627", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"}, {"name": "FEDORA-2015-2216", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"}, {"name": "USN-2510-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2510-1"}, {"name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538", "refsource": "CONFIRM", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538"}, {"name": "FEDORA-2015-2237", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9668", "datePublished": "2015-02-08T11:00:00", "dateReserved": "2015-02-07T00:00:00", "dateUpdated": "2017-06-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "05EE9A32-E91F-4C68-B3A9-AC5AB35C2BB3", "versionEndIncluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file."}, {"lang": "es", "value": "La funci\u00f3n woff_open_font en sfnt/sfobjs.c en FreeType anterior a 2.5.4 proceda con los c\u00e1lculos de desplazamiento m\u00e1s longitud (offset+length) sin restringir los valores de longitud, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (desbordamiento de enteros y desbordamiento de buffer basado en memoria din\u00e1mica) o posiblemente tener otro impacto no especificado a trav\u00e9s de un fichero Web Open Font Format (WOFF) manipulado."}], "id": "CVE-2014-9668", "lastModified": "2018-10-30T16:27:35.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-08T11:59:29.977", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://code.google.com/p/google-security-research/issues/detail?id=164"}, {"source": "cve@mitre.org", "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72986"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2510-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2739-1"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201503-05"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}