Off-by-one Error in FreeType PCF File Parsing Function

Off-by-one Error in FreeType PCF File Parsing Function

CVE-2014-9671 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

Learn more about our Web Application Penetration Testing UK.