CVE-2014-9670

Public on 2015-02-08
Modified on 2015-04-01
Description
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
Severity
Low severity
Low
CVSS v3 Base Score
4.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 freetype 2015-04-01 ALAS-2015-502 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P