Computer Security
[EN] securityvulns.ru no-pyccku


FreeType memory corruption
Published:18.03.2014
Source:
SecurityVulns ID:13610
Type:library
Threat Level:
6/10
Description:Few different memory corruptions.
CVE:CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.)
 CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.)
Original documentdocumentUBUNTU, [USN-2148-1] FreeType vulnerabilities (18.03.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod