CVE-2014-9663

Publication date 8 February 2015

Last updated 24 July 2024


Ubuntu priority

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Status

Package Ubuntu Release Status
freetype 14.10 utopic
Fixed 2.5.2-2ubuntu1.1
14.04 LTS trusty
Fixed 2.5.2-1ubuntu2.4
12.04 LTS precise
Fixed 2.4.8-1ubuntu2.2
10.04 LTS lucid
Fixed 2.3.11-1ubuntu2.8

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
freetype

References

Related Ubuntu Security Notices (USN)

    • USN-2510-1
    • FreeType vulnerabilities
    • 24 February 2015

Other references