CVE-2014-2241

Name of the Vulnerable Software and Affected Versions FreeType versions prior to 2.5.3

Description The issue is related to the cf2 initLocalRegionBuffer and cf2 initGlobalRegionBuffer functions in cff/cf2ft.c, which do not properly check if a subroutine exists. This allows remote attackers to cause a denial of service (assertion failure) by using a crafted ttf file.

Recommendations For versions prior to 2.5.3, update to version 2.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted ttf files to minimize the risk of exploitation.