https://bugzilla.redhat.com/show_bug.cgi?id=1191192
Tomas Hoger <[email protected]> changed:

What: Priority
  Removed: medium
  Added:   low

What: Summary
  Removed: CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font
  Added:   CVE-2014-9675 freetype: information leak in _bdf_add_property()

What: Whiteboard
  Removed: impact=moderate,public=20150208,reported=20150209,source=suse,cvss2=3.7/AV:L/AC:H/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new
  Added:   impact=low,public=20150208,reported=20150209,source=suse,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-4/freetype=wontfix,rhel-5/freetype=wontfix,rhel-6/freetype=affected,rhel-7/freetype=affected,rhev-m-3/mingw-virt-viewer=affected,fedora-all/freetype=affected,fedora-all/mingw-freetype=affected,epel-7/mingw-freetype=affected

What: Severity
  Removed: medium
  Added:   low

--- Comment #4 from Tomas Hoger <[email protected]> ---
Upstream bug is:

https://savannah.nongnu.org/bugs/?43535

Issue was fixed upstream in 2.5.4.

This issue possibly leads to disclosure of a portion of process memory. The leaked information is a heap pointer, so it may provide information to bypass address space layout randomization (ASLR) and hence make it easier to exploit other flaws in the application.
