QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9663

Published: Feb 8, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://code.google.com/p/google-security-research/issues/detail?id=184

x_refsource_MISC

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2015:0627

vendor-advisory

x_refsource_SUSE

http://advisories.mageia.org/MGASA-2015-0083.html

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

FEDORA-2015-2216

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_UBUNTU

FEDORA-2015-2237

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2014-9663 - Security Vulnerability | QwikSec