Unrated severityNVD Advisory· Published Feb 8, 2015· Updated May 6, 2026

CVE-2014-9669

Description

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/nvdPatchVendor Advisory
code.google.com/p/google-security-research/issues/detailnvdExploit
advisories.mageia.org/MGASA-2015-0083.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-February/150148.htmlnvdThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2015-February/150162.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-updates/2015-03/msg00091.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-0696.htmlnvdThird Party Advisory
www.debian.org/security/2015/dsa-3188nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvdThird Party Advisory
www.ubuntu.com/usn/USN-2510-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2739-1nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdBroken Link
www.securityfocus.com/bid/72986nvd
security.gentoo.org/glsa/201503-05nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000