Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_hpc_node | Redhat | 6 (including) | 6 (including) |
| Enterprise_linux_hpc_node | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_hpc_node_eus | Redhat | 7.1 (including) | 7.1 (including) |
| Enterprise_linux_server | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_eus | Redhat | 6.6.z (including) | 6.6.z (including) |
| Enterprise_linux_server_eus | Redhat | 7.1 (including) | 7.1 (including) |
| Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |