Heap Pointer Disclosure Vulnerability in FreeType

Heap Pointer Disclosure Vulnerability in FreeType

CVE-2014-9675 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.

Learn more about our Web Application Penetration Testing UK.