Description
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
References (5)
Core 5
Core References
Exploit, Patch x_refsource_confirm
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2148-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57447
Various Sources x_refsource_confirm
http://savannah.nongnu.org/bugs/?41697
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/03/12/4
Scores
EPSS
0.0157
EPSS Percentile
72.5%
Details
CWE
CWE-20
Status
published
Products (4)
canonical/ubuntu_linux
13.10
freetype/freetype
2.5
freetype/freetype
2.5.1
freetype/freetype
< 2.5.2
Published
Mar 18, 2014
Tracked Since
Feb 18, 2026