CVE-2014-9668

Published: 8 February 2015

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.
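
The bug class described above, as an added illustration (not FreeType's code and not the upstream patch): a 32-bit offset+length range check that wraps around, beside an overflow-safe form. The struct, the function names and the sample directory values are hypothetical, constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical table-directory entry; names are illustrative, not FreeType's. */
typedef struct {
    uint32_t offset;   /* where the table data starts in the file */
    uint32_t length;   /* size of the table data in bytes */
} table_entry;

/* Weak check: offset + length is computed in 32 bits and can wrap, so an
   unrestricted length yields a small sum that passes the comparison. */
bool range_ok_wrapping(const table_entry *e, uint32_t file_size)
{
    return (uint32_t)(e->offset + e->length) <= file_size;
}

/* Overflow-safe check: bound offset first, then compare length with the
   bytes that remain after it. No addition is performed, so nothing wraps. */
bool range_ok_checked(const table_entry *e, uint32_t file_size)
{
    if (e->offset > file_size)
        return false;
    return e->length <= file_size - e->offset;
}

/* Validate a whole directory before any entry is used. Returns the index of
   the first out-of-range entry, or -1 when every entry lies inside the file. */
int first_bad_entry(const table_entry *dir, size_t count, uint32_t file_size)
{
    for (size_t i = 0; i < count; i++)
        if (!range_ok_checked(&dir[i], file_size))
            return (int)i;
    return -1;
}

/* Constructed sample directory for a 4096-byte file. */
static const table_entry sample_dir[] = {
    { 64u,   512u        },  /* in bounds */
    { 576u,  3520u       },  /* ends exactly at end of file */
    { 1024u, 0xFFFFFF00u },  /* 1024 + 0xFFFFFF00 wraps to 768 */
};
```
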

Priority

Medium

Status

Package: freetype (Launchpad, Ubuntu, Debian)

Release: Status
lucid: Not vulnerable (code not present)
precise: Not vulnerable (code not present)
trusty: Released (2.5.2-1ubuntu2.4)
upstream: Released (2.5.4)
utopic: Released (2.5.2-2ubuntu1.1)

Patches:
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538