CVE-2014-9656

EPSS 2.4%

freetype - security update

Published: 2/8/2015Modified: 4/28/2026

Description

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Affected packages (3)

Debian/freetypefrom 0, < 2.5.2-3
Debian/freetypefrom 0, < 2.4.2-2.1+squeeze5
Debian/freetypefrom 0, < 2.4.9-1.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9656