CVE-2014-9674
Public on 2015-02-08
Modified on 2015-04-01
Description
Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | freetype | 2015-04-01 | ALAS-2015-502 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |