Loading
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
Use CWE-189, Debian vendor hub and Debian Linux product page to widen CVE-2014-9670 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-68670, CVE-2025-62600 and CVE-2025-62599 for nearby disclosures in the same product family.