Common Vulnerabilities and Exposures assigned CVE-2014-9657 to the following issue: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. http://code.google.com/p/google-security-research/issues/detail?id=195 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
Created freetype tracking bugs for this issue: Affects: fedora-all [bug 1191099]
Upstream bug is: https://savannah.nongnu.org/bugs/?43679 Issue was fixed upstream in 2.5.4. This is a single byte heap-based buffer over-read. A probability of this causing crash is extremely low.
freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
freetype-2.5.0-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2015:0696 https://rhn.redhat.com/errata/RHSA-2015-0696.html