cff/cf2intrp.c in the CFF CharString interpreter in FreeType prior to 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote malicious users to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle solaris 10.0 |
||
oracle solaris 11.2 |
||
freetype freetype |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 20 |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |
||
canonical ubuntu linux 15.04 |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 10.04 |