Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2014-2241

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

Published: Mar 18, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-2241
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
freetype / freetype	-	2.5.2.x
freetype / freetype	2.5.1	2.5.1.x
freetype / freetype	2.5	2.5.x
canonical / ubuntu_linux	13.10	13.10.x

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969
http://savannah.nongnu.org/bugs/?41697
http://secunia.com/advisories/57447
http://www.openwall.com/lists/oss-security/2014/03/12/4
http://www.ubuntu.com/usn/USN-2148-1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo