CVE-2014-9656

EPSS 2.4%

freetype - security update

發布日:2015/2/8修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-9656

描述

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

受影響套件(3)

Debian/freetypefrom 0, < 2.5.2-3
Debian/freetypefrom 0, < 2.4.2-2.1+squeeze5
Debian/freetypefrom 0, < 2.4.9-1.1+deb7u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9656