CVE-2014-9666 (retired)

Priority
Description
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4
proceeds with a count-to-size association without restricting the count
value, which allows remote attackers to cause a denial of service (integer
overflow and out-of-bounds read) or possibly have unspecified other impact
via a crafted embedded bitmap.
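
The count-to-size pattern named in the description, shown beside a bounded form, as an added example that is not FreeType's code. The 8-byte header, the 48-byte record size, the function names and the sample tables are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed layout for illustration only (not taken from FreeType):
 * an 8-byte header whose last 4 bytes are a big-endian record count,
 * followed by `count` fixed-size records of 48 bytes each. */
#define HDR_SIZE 8u
#define REC_SIZE 48u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unrestricted count: the count becomes a size in 32-bit arithmetic.
 * A huge count wraps the product, so the size check passes and a caller
 * that then walks `count` records reads past the end of the table.
 * Returns the accepted count, or -1 if the table is rejected. */
int64_t accept_count_unchecked(const uint8_t *tbl, uint32_t tbl_size)
{
    if (tbl_size < HDR_SIZE) return -1;
    uint32_t count = be32(tbl + 4);
    uint32_t need  = HDR_SIZE + REC_SIZE * count;   /* may wrap mod 2^32 */
    if (need > tbl_size) return -1;
    return (int64_t)count;
}

/* Restricted count: bound it by the space actually available, using a
 * division so that no multiplication can overflow. */
int64_t accept_count_checked(const uint8_t *tbl, uint32_t tbl_size)
{
    if (tbl_size < HDR_SIZE) return -1;
    uint32_t count = be32(tbl + 4);
    if (count > (tbl_size - HDR_SIZE) / REC_SIZE) return -1;
    return (int64_t)count;
}

/* Constructed sample: 8-byte table claiming 0x10000000 records.
 * 48 * 0x10000000 = 0x300000000, which truncates to 0 in 32 bits. */
static const uint8_t crafted_hdr[8] = { 0, 2, 0, 0, 0x10, 0, 0, 0 };
/* Constructed sample: header plus one real record, count = 1. */
static const uint8_t valid_tbl[8 + 48] = { 0, 2, 0, 0, 0, 0, 0, 1 };
```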
Notes
 mdeslaur> in precise, this is in src/sfnt/ttsbit0.c
Assigned-to
mdeslaur

Updated: 2019-08-23 09:04:56 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)