Candidate: CVE-2014-9746
PublicDate: 2016-06-07 14:06:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9746
 http://www.openwall.com/lists/oss-security/2015/09/25/4
 https://ubuntu.com/security/notices/USN-2739-1
Description:
 The (1) t1_parse_font_matrix function in type1/t1load.c, (2)
 cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix
 function in type42/t42parse.c, and (4) ps_parser_load_field function in
 psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which
 allows remote attackers to cause a denial of service (uninitialized memory
 access and application crash) or possibly have unspecified other impact via
 a crafted font.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_freetype:
upstream_freetype: needs-triage
precise_freetype: released (2.4.8-1ubuntu2.3)
trusty_freetype: released (2.5.2-1ubuntu2.5)
trusty/esm_freetype: released (2.5.2-1ubuntu2.5)
vivid_freetype: released (2.5.2-2ubuntu3.1)
devel_freetype: released (2.5.2-4ubuntu2)