CVE-2014-9662

Publication date 8 February 2015

Last updated 24 July 2024


Ubuntu priority

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

Status

Package Ubuntu Release Status
freetype 14.10 utopic
Fixed 2.5.2-2ubuntu1.1
14.04 LTS trusty
Fixed 2.5.2-1ubuntu2.4
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
freetype

References

Related Ubuntu Security Notices (USN)

    • USN-2510-1
    • FreeType vulnerabilities
    • 24 February 2015

Other references