
CVE-2014-9747

Published: 07/06/2016 Updated: 08/06/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The t42_parse_encoding function in type42/t42parse.c in FreeType prior to 2.5.4 does not properly update the current position for immediates-only mode, which allows remote malicious users to cause a denial of service (infinite loop) via a Type42 font.

Vulnerable Product

freetype freetype

debian debian linux 7.0

debian debian linux 8.0

Vendor Advisories

It was discovered that FreeType did not properly handle some malformed inputs. This could allow remote attackers to cause a denial of service (crash) via crafted font files. For the oldstable distribution (wheezy), these problems have been fixed in version 249-11+deb7u2. For the stable distribution (jessie), these problems have been fixed in ver ...
The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font ...