Heap-based Buffer Overflow in FreeType's cff/cf2ft.c

Heap-based Buffer Overflow in FreeType's cff/cf2ft.c

CVE-2014-9662 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.

Learn more about our Web Application Penetration Testing UK.