Description
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
References (9)
- Exploit (x_refsource_misc): http://code.google.com/p/google-security-research/issues/detail?id=190
- Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/201503-05
- Third Party Advisory, vendor-advisory (x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2739-1
- Third Party Advisory, vendor-advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2015-03/msg00091.html
- Third Party Advisory (x_refsource_confirm): http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- Third Party Advisory, vendor-advisory (x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.html
- Third Party Advisory, vendor-advisory (x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2510-1
- Third Party Advisory, vendor-advisory (x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.html
- Patch, Vendor Advisory (x_refsource_confirm): http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
Scores
- EPSS: 0.0285
- EPSS Percentile: 86.5%
Details
- CWE: CWE-119
- Status: published
Products (12)
- canonical/ubuntu_linux 10.04
- canonical/ubuntu_linux 12.04
- canonical/ubuntu_linux 14.04
- canonical/ubuntu_linux 14.10
- canonical/ubuntu_linux 15.04
- fedoraproject/fedora 20
- fedoraproject/fedora 21
- freetype/freetype < 2.5.3
- opensuse/opensuse 13.1
- opensuse/opensuse 13.2
- ... and 2 more
Published: Feb 08, 2015
Tracked Since: Feb 18, 2026