CVE-2014-9746

CRITICAL

FreeType < 2.5.3 - Denial of Service via Unchecked Return Values in Font Parsing

Title source: llm
STIX 2.1

Description

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

References (6)

Core 6
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/09/11/4
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/09/25/4
Various Sources x_refsource_misc
https://savannah.nongnu.org/bugs/?41309
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3370

Scores

CVSS v3 9.8
EPSS 0.0329
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
debian/debian_linux 7.0
debian/debian_linux 8.0
freetype/freetype < 2.5.3
Published Jun 07, 2016
Tracked Since Feb 18, 2026