CVE-2014-2241

FreeType < 2.5.2 - Denial of Service via Crafted TTF File

Title source: llm
STIX 2.1

Description

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2148-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57447
Various Sources x_refsource_confirm
http://savannah.nongnu.org/bugs/?41697
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/12/4

Scores

EPSS 0.0157
EPSS Percentile 72.5%

Details

CWE
CWE-20
Status published
Products (4)
canonical/ubuntu_linux 13.10
freetype/freetype 2.5
freetype/freetype 2.5.1
freetype/freetype < 2.5.2
Published Mar 18, 2014
Tracked Since Feb 18, 2026