NVD

Id
30698  
Name
CVE-2014-2241  
Description
The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-03-18  
Modified Date
2014-04-01  
Seq
2014-2241  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
161818 30698 CVE-2014-2241 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969  View
161819 30698 CVE-2014-2241 http://savannah.nongnu.org/bugs/?41697  View
161820 30698 CVE-2014-2241 [oss-security] 20140312 Re: Two stack-based issues in freetype [NOT a request]  View
161821 30698 CVE-2014-2241 USN-2148-1  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12878 JVNDB-2014-001753 FreeType の cff/cf2ft.c におけるサービス運用妨害 (DoS) の脆弱性 FreeType の cff/cf2ft.c の (1) cf2_initLocalRegionBuffer 関数および (2) cf2_initGlobalRegionBuffer 関数は、サブルーチンが存在するかどうかを適切にチェックしないため、サービス運用妨害 (表明違反) 状態にされる脆弱性が存在します。 CVE-2014-2241 69528 CVE-2014-2241 30698 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001753.html 2014-02-28 2014-03-24 View