1
PublicDateAtUSN: 2015-02-08
2
Candidate: CVE-2014-9662
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9662
6
https://usn.ubuntu.com/usn/usn-2510-1
8
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of
9
point-allocation functions, which allows remote attackers to cause a denial
10
of service (heap-based buffer overflow) or possibly have unspecified other
11
impact via a crafted OTF font.
15
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
16
http://savannah.nongnu.org/bugs/?43658
17
http://code.google.com/p/google-security-research/issues/detail?id=185
19
Discovered-by: Mateusz Jurczyk
23
upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
24
upstream_freetype: released (2.5.4)
25
lucid_freetype: not-affected (code not present)
26
precise_freetype: not-affected (code not present)
27
trusty_freetype: released (2.5.2-1ubuntu2.4)
28
utopic_freetype: released (2.5.2-2ubuntu1.1)
29
devel_freetype: released (2.5.2-2ubuntu3)