FreeType parse_encoding Function Denial of Service Vulnerability (CVE-2014-9745)
Release date:
Updated on:
Affected Systems:
FreeType <2.5.3
Description:
CVE (CAN) ID: CVE-2014-9745
FreeType is a popular font library.
In FreeType versions earlier than 2.5.3, the parse_encoding function in type1/t1load.c has a security vulnerability. Remote attackers can exploit this vulnerability to cause a denial of service (infinite loop).
<* Source: vendor
*>
Suggestion:
Vendor patch:
FreeType
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit?id=df14e6c0b9592cbb24d5381dfc6417b14f915e75
https://code.google.com/p/chromium/issues/detail?id=459050
https://bugs.launchpad.net/ubuntu/+source/freetype/+bug/1492124