{"id":"CVE-2014-2240","details":"Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.","modified":"2026-03-11T07:48:38.808213089Z","published":"2014-03-12T14:55:30Z","withdrawn":"2026-01-27T04:12:35.042176Z","related":["MGASA-2014-0130","SUSE-SU-2015:0455-1","SUSE-SU-2025:20204-1","openSUSE-SU-2024:10172-1","openSUSE-SU-2024:10438-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/57291"},{"type":"ADVISORY","url":"http://secunia.com/advisories/57447"},{"type":"FIX","url":"http://www.freetype.org/index.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2148-1"},{"type":"WEB","url":"http://savannah.nongnu.org/bugs/?41697"},{"type":"WEB","url":"http://sourceforge.net/projects/freetype/files/freetype2/2.5.3"},{"type":"WEB","url":"http://www.securityfocus.com/bid/66074"},{"type":"WEB","url":"http://www.securitytracker.com/id/1029895"}],"schema_version":"1.7.3"}