CVE-2014-9745

Published: Sep 14, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-2739-1

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2015:1704

vendor-advisory

x_refsource_SUSE

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75

x_refsource_CONFIRM

76727

vdb-entry

x_refsource_BID

http://savannah.nongnu.org/bugs/index.php?41590

x_refsource_CONFIRM

https://code.google.com/p/chromium/issues/detail?id=459050

x_refsource_CONFIRM

DSA-3370

vendor-advisory

x_refsource_DEBIAN

https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124

x_refsource_CONFIRM

1033536

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-9745

Description

Affected Products

References