Loading
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
Use CWE-119, Debian vendor hub and Debian Linux product page to widen CVE-2014-9667 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-68670, CVE-2025-62600 and CVE-2025-62599 for nearby disclosures in the same product family.