mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-11 00:14:52 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2014-9661
Description
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
POC
Reference
- http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html
- http://packetstormsecurity.com/files/134396/FreeType-2.5.3-Type42-Parsing-Use-After-Free.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Github
No PoCs found on GitHub currently.