bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-02-08T11:00:00
Updated: 2017-06-30T16:57:01
Reserved: 2015-02-07T00:00:00
Link: CVE-2014-9675
JSON object: View
NVD Information
Status : Modified
Published: 2015-02-08T11:59:36.490
Modified: 2018-10-30T16:27:35.843
Link: CVE-2014-9675
JSON object: View
Redhat Information
No data.
CWE