CVE-2014-2241
EPSS 0.62%Published: 3/18/2014Modified: 4/28/2026
Description
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
Affected packages (1)
- Debian/freetypefrom 0, < 2.5.2-1.1