CVE-2014-9657

Scores

EPSS

0.000none0.0%

0%20%40%60%80%100%

Percentile: 0.0%

CVSS

7.5high2.0

0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdubuntu

CWEs

CWE-125

Vulnerable Software (15)

Type: Configuration

Product: freetype

Operating System: ubuntu trusty 14.04

Trait:

{  "fixed": "2.5.2-1ubuntu2.4"}

Source: ubuntu

Type: Configuration

Product: freetype

Operating System: ubuntu utopic 14.10

Trait:

{  "fixed": "2.5.2-2ubuntu1.1"}

Source: ubuntu

Type: Configuration

Product: freetype

Operating System: debian

Trait:

{  "fixed": "2.5.2-3"}

Source: debian

Type: Configuration

Vendor: canonical

Product: ubuntu_linux

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: debian

Product: debian_linux

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: fedoraproject

Product: fedora

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: freetype

Product: freetype

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*",      "versionEndIncluding": "2.5.3",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: opensuse

Product: opensuse

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", ...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: oracle

Product: solaris

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",      "...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_desktop

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_hpc_node

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_hpc_node_eus

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_server

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_server_eus

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: redhat

Product: enterprise_linux_workstation

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2014-9657

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Vulnerable Software (15)