Denial of Service Vulnerability in FreeType by The FreeType Project
CVE-2014-9663

Currently unrated

Key Information:

Vendor

Freetype

Status
Freetype
Vendor
CVE Published:
8 February 2015

What is CVE-2014-9663?

A flaw in the tt_cmap4_validate function of FreeType prior to version 2.5.4 can lead to a denial of service. The vulnerability arises from improper validation of a length field, allowing remote attackers to trigger an out-of-bounds read through specially crafted cmap SFNT tables, potentially leading to unexpected behavior or crashes in applications that rely on FreeType.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://code.google.com/p/google-security-research/issues/...
x_refsource_MISC
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/c...
x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3188
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.