CVE-2014-9659

NameCVE-2014-9659
Descriptioncff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs773084, 777656

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
freetype (PTS)bullseye2.10.4+dfsg-1+deb11u1fixed
bullseye (security)2.10.4+dfsg-1+deb11u2fixed
bookworm2.12.1+dfsg-5+deb12u3fixed
bookworm (security)2.12.1+dfsg-5+deb12u4fixed
trixie, sid2.13.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
freetypesourcesqueeze(not affected)
freetypesourcewheezy(not affected)
freetypesource(unstable)2.5.2-3773084, 777656

Notes

[wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
[squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
https://savannah.nongnu.org/bugs/?43661
http://code.google.com/p/google-security-research/issues/detail?id=190
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
CVE due to incomplete fix for CVE-2014-2240
Search for package or bug name: Reporting problems