CVE-2014-9745

Published: 14 September 2015

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

Priority

Status

Package	Release	Status
freetype Launchpad, Ubuntu, Debian	upstream	Released (2.5.3)
	precise	Released (2.4.8-1ubuntu2.3)
	trusty	Released (2.5.2-1ubuntu2.5)
	vivid	Released (2.5.2-2ubuntu3.1)
	Patches: upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9745
https://ubuntu.com/security/notices/USN-2739-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124
http://savannah.nongnu.org/bugs/index.php?41590
https://code.google.com/p/chromium/issues/detail?id=459050

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›