Stack-based Buffer Overflow Vulnerability in FreeType Library
CVE-2014-2240
Currently unrated
Summary
A stack-based buffer overflow exists in the cf2_hintmap_build function of the FreeType library in versions prior to 2.5.3. An attacker can trigger it with a malicious font file containing a large number of stem hints, potentially causing a denial of service through application crashes and possibly executing arbitrary code on the affected system.
References
Timeline
Vulnerability published
Vulnerability Reserved