CVE-2014-9665 (retired)

Priority
Description
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does
not restrict the rows and pitch values of PNG data, which allows remote
attackers to cause a denial of service (integer overflow and heap-based
buffer overflow) or possibly have unspecified other impact by embedding a
PNG file in a .ttf font file.
Assigned-to
mdeslaur

Updated: 2019-09-19 15:51:32 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)