CVE-2014-9745

EPSS 2.9%

freetype - security update

Published: 9/14/2015Modified: 4/28/2026

Description

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

Affected packages (3)

Debian/freetypefrom 0, < 2.6-1
Debian/freetypefrom 0, < 2.4.2-2.1+squeeze6
Debian/freetypefrom 0, < 2.4.9-1.1+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9745