CVE-2014-9746

Published: 07/06/2016 Updated: 19/07/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType prior to 2.5.4 do not check return values, which allows remote malicious users to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

Vulnerable Product

freetype freetype

debian debian linux 8.0

debian debian linux 7.0

Vendor Advisories

It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service (crash) via crafted font files. For the oldstable distribution (wheezy), these problems have been fixed in version 249-11+deb7u2. For the stable distribution (jessie), these problems have been fixed in ver ...
The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized ...