Common Vulnerabilities and Exposures assigned CVE-2014-9657 to the following issue:
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4
does not establish a minimum record size, which allows remote attackers to cause
a denial of service (out-of-bounds read) or possibly have unspecified other
impact via a crafted TrueType font.
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1191099]
Upstream bug is:
Issue was fixed upstream in 2.5.4.
This is a single byte heap-based buffer over-read. A probability of this causing crash is extremely low.
freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
freetype-2.5.0-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2015:0696 https://rhn.redhat.com/errata/RHSA-2015-0696.html