The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-02-08T11:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2015-02-07T00:00:00


Link: CVE-2014-9665

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2015-02-08T11:59:27.337

Modified: 2018-10-30T16:27:35.843


Link: CVE-2014-9665

JSON object: View

cve-icon Redhat Information

No data.

CWE