Common Vulnerabilities and Exposures assigned CVE-2014-9672 to the following issue: Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. http://code.google.com/p/google-security-research/issues/detail?id=155 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
Upstream bug is: https://savannah.nongnu.org/bugs/?43540 It remains non-public to date. Issue was fixed upstream in 2.5.4. Affected code is not built and used in freetype packages in Red Hat Enterprise Linux and Fedora. The code is only used on MacOS platform. Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.