Common Vulnerabilities and Exposures assigned CVE-2014-9664 to the following issue:
FreeType before 2.5.4 does not check for the end of the data during certain
parsing actions, which allows remote attackers to cause a denial of service
(out-of-bounds read) or possibly have unspecified other impact via a crafted
Type42 font, related to type42/t42parse.c and type1/t1load.c.
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1191099]
freetype-2.5.3-15.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
freetype-2.5.0-9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Upstream bug is:
Issue was fixed upstream in 2.5.4.
This CVE is for multiple off-by-one buffer reads in parse_charstrings() and t42_parse_charstrings(). Probability of this causing a crash is low.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2015:0696 https://rhn.redhat.com/errata/RHSA-2015-0696.html