Loading
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
Use Canonical vendor hub and Ubuntu Linux product page to widen CVE-2014-9674 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-32463, CVE-2022-1736 and CVE-2025-33208 for nearby disclosures in the same product family.