Candidate: CVE-2014-9747
PublicDate: 2016-06-07 14:06:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9747
 http://www.openwall.com/lists/oss-security/2015/09/25
 https://ubuntu.com/security/notices/USN-2739-1
Description:
 The t42_parse_encoding function in type42/t42parse.c in FreeType before
 2.5.4 does not properly update the current position for immediates-only
 mode, which allows remote attackers to cause a denial of service (infinite
 loop) via a Type42 font.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_freetype:
upstream_freetype: needs-triage
precise_freetype: released (2.4.8-1ubuntu2.3)
trusty_freetype: released (2.5.2-1ubuntu2.5)
trusty/esm_freetype: released (2.5.2-1ubuntu2.5)
vivid_freetype: released (2.5.2-2ubuntu3.1)
devel_freetype: released (2.5.2-4ubuntu2)