CVE-2014-9662

2015-02-08T00:00:00
ID UB:CVE-2014-9662
Type ubuntucve
Reporter ubuntu.com
Modified 2015-02-08T00:00:00

Description

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

Bugs

  • <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656>
  • <http://savannah.nongnu.org/bugs/?43658>
  • <http://code.google.com/p/google-security-research/issues/detail?id=185>