CVSSv2: 7.5

CVE-2014-2240

Published: 12/03/2014 Updated: 26/01/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType prior to 2.5.3 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.

Vulnerable Products

freetype freetype (unversioned entry)
freetype freetype: 1.3.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.2.0, 2.2.1, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.5, 2.5.1

Vendor Advisories

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file ...
Debian Bug report logs - #777656 freetype: various new security issues Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 11 Feb 2015 06:54:07 UTC Severity: grave Tags: fixed-upstream, security, upstream Fo ...
Debian Bug report logs - #741299 freetype: CVE-2014-2240, CVE-2014-2241: stack OOB read/write, DoS Package: src:freetype; Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>; Reported by: Raphael Geissert <geissert@debian.org> Date: Mon, 10 Mar 2014 22:21:01 UTC Severity: grave Tags: patch, secur ...