Denial of Service Vulnerability in FreeType Library by FreeType
CVE-2014-9745
Currently unrated
Summary
The FreeType library, prior to version 2.5.3, contains a vulnerability in the parse_encoding function located in type1/t1load.c. This flaw allows remote attackers to trigger a denial of service condition through an infinite loop caused by a malformed PostScript stream containing a 'broken number-with-base'. Attackers can exploit this vulnerability to render applications using FreeType unresponsive.