Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | freetype-0:2.3.11-15.el6_6.1 | * |
| Red Hat Enterprise Linux 7 | RedHat | freetype-0:2.4.11-10.ael7b_1.1 | * |
| Freetype | Ubuntu | devel | * |
| Freetype | Ubuntu | lucid | * |
| Freetype | Ubuntu | precise | * |
| Freetype | Ubuntu | trusty | * |
| Freetype | Ubuntu | upstream | * |
| Freetype | Ubuntu | utopic | * |
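
The signedness problem described above, shown as an added C illustration (not FreeType's code): the first/last column and row fields are read as signed 16-bit values, so the glyph-count arithmetic must be preceded by range checks. The struct, the function names and the 0xFF upper bound (one byte per row and per column) are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical view of a PCF encodings header after a signed 16-bit read. */
typedef struct {
    int16_t first_col, last_col;
    int16_t first_row, last_row;
} enc_bounds;

/* Unchecked arithmetic: trusts the signed fields. Computed in 64 bits here
   so the example can show the value that a 32-bit counter cannot hold. */
int64_t enc_count_unchecked(const enc_bounds *b)
{
    return (int64_t)(b->last_col - b->first_col + 1) *
           (int64_t)(b->last_row - b->first_row + 1);
}

/* Hardened form: reject negative, inverted or out-of-range bounds before
   doing any arithmetic. Returns 0 and stores the count, or -1 if invalid. */
int enc_count_checked(const enc_bounds *b, size_t *count)
{
    if (b->first_col < 0 || b->first_col > b->last_col || b->last_col > 0xFF ||
        b->first_row < 0 || b->first_row > b->last_row || b->last_row > 0xFF)
        return -1;

    *count = (size_t)(b->last_col - b->first_col + 1) *
             (size_t)(b->last_row - b->first_row + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real font file. */
    enc_bounds negative = { -32768, 32767, -32768, 32767 };
    enc_bounds valid    = { 0, 255, 0, 0 };
    size_t n = 0;

    int64_t wide = enc_count_unchecked(&negative);
    printf("unchecked: %lld (as 32-bit: %u)\n",
           (long long)wide, (unsigned)(uint32_t)wide);
    printf("checked(negative) = %d\n", enc_count_checked(&negative, &n));
    if (enc_count_checked(&valid, &n) == 0)
        printf("checked(valid) count = %zu\n", n);
    return 0;
}
```

With the constructed negative bounds the unchecked product is 2^32, which truncates to 0 in a 32-bit counter; an inverted range yields a negative count instead. Either result then feeds allocation and indexing, which is why the check has to come first.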