CVE-2014-9668

Published: 8 February 2015

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.

Priority

Status

Package	Release	Status
freetype Launchpad, Ubuntu, Debian	lucid	Not vulnerable (code not present)
	precise	Not vulnerable (code not present)
	trusty	Released (2.5.2-1ubuntu2.4)
	upstream	Released (2.5.4)
	utopic	Released (2.5.2-2ubuntu1.1)
	Patches: upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538

References

https://ubuntu.com/security/notices/USN-2510-1
https://www.cve.org/CVERecord?id=CVE-2014-9668
NVD
Launchpad
Debian

Bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
http://code.google.com/p/google-security-research/issues/detail?id=164
http://savannah.nongnu.org/bugs/?43589

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›