CVE Vulnerabilities

CVE-2014-9671

Published: Feb 08, 2015 | Modified: Oct 30, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux_desktop Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_desktop Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_hpc_node Redhat 6 (including) 6 (including)
Enterprise_linux_hpc_node Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_hpc_node_eus Redhat 7.1 (including) 7.1 (including)
Enterprise_linux_server Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_server Redhat 7.0 (including) 7.0 (including)
Enterprise_linux_server_eus Redhat 6.6.z (including) 6.6.z (including)
Enterprise_linux_server_eus Redhat 7.1 (including) 7.1 (including)
Enterprise_linux_workstation Redhat 6.0 (including) 6.0 (including)
Enterprise_linux_workstation Redhat 7.0 (including) 7.0 (including)
Red Hat Enterprise Linux 6 RedHat freetype-0:2.3.11-15.el6_6.1 *
Red Hat Enterprise Linux 7 RedHat freetype-0:2.4.11-10.el7_1.1 *
Freetype Ubuntu devel *
Freetype Ubuntu lucid *
Freetype Ubuntu precise *
Freetype Ubuntu trusty *
Freetype Ubuntu upstream *
Freetype Ubuntu utopic *

References