CVE-2014-9746 — Improper Input Validation in Freetype

CWE-20 — Improper Input Validation6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.8%

top 25.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Debian Freetype Debian Linux

Timeline

PublishedJun 7

Latest updateMay 14

Description

The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matrix function in cid/cidload.c, (3) t42_parse_font_matrix function in type42/t42parse.c, and (4) ps_parser_load_field function in psaux/psobjs.c in FreeType before 2.5.4 do not check return values, which allows remote attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted font.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/freetype< freetype 2.6-1 (bookworm)

▶Debianfreetype/freetype< 2.6-1+3

▶NVDfreetype/freetype2.5.3

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-pmv7-6mc8-3vhg: The (1) t1_parse_font_matrix function in type1/t1load↗2022-05-14

▶

OSV

CVE-2014-9746: The (1) t1_parse_font_matrix function in type1/t1load↗2016-06-07

▶

📋Vendor Advisories

Red Hat

freetype: Use of uninitialized memory↗2014-01-22

▶

Debian

CVE-2014-9746: freetype - The (1) t1_parse_font_matrix function in type1/t1load.c, (2) cid_parse_font_matr...↗2014

▶

💬Community

Bugzilla

CVE-2014-9746 CVE-2014-9747 freetype: Use of uninitialized memory↗2015-09-11

▶