Loading
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
Use CWE-125, Oracle vendor hub and Solaris product page to widen CVE-2014-9658 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-36038, CVE-2025-36128 and CVE-2026-34281 for nearby disclosures in the same product family.