CVE-2014-9656

Published: 8 February 2015

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.

Status

Notes

in precise, this code is in src/sfnt/ttsbit0.c

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9656
• https://ubuntu.com/security/notices/USN-2510-1
• NVD
• Launchpad
• Debian

Bugs

• http://savannah.nongnu.org/bugs/?43680
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
• http://code.google.com/p/google-security-research/issues/detail?id=196