Out-of-bounds Read

CVE-2014-9658

High

7.5/10

Summary

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-125 - Out-of-Bounds Read

Out-of-bounds read is a vulnerability that allows access to memory beyond the authorized accessible location. Such a vulnerability compromises the confidentiality of the trusted environment in the application and enables an attacker to launch further attacks by leveraging the exposed information.

References

Advisory Timeline

Published Feb 08, 2015

Out-of-bounds Read

CVE-2014-9658

Summary

CWE-125 - Out-of-Bounds Read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS