Denial of Service Vulnerability in FreeType by The FreeType Project
CVE-2014-2241

Currently unrated

Key Information:

Vendor: Freetype
Status: Vendor
CVE Published: 18 March 2014

Summary

Certain functions in cff/cf2ft.c in the FreeType library do not properly check whether a subroutine exists. A remote attacker can supply a specially crafted TrueType font (TTF) file that triggers an assertion failure, resulting in denial of service. Services that depend on FreeType can be disrupted this way and need remediation.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
