Common Vulnerabilities and Exposures assigned CVE-2014-9672 to the following issue:
Array index error in the parse_fond function in base/ftmac.c in FreeType before
2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read)
or obtain sensitive information from process memory via a crafted FOND resource
in a Mac font file.
Upstream bug is:
It remains non-public to date.
Issue was fixed upstream in 2.5.4.
Affected code is not built and used in freetype packages in Red Hat Enterprise Linux and Fedora. The code is only used on MacOS platform.
Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.