Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2nqu-79u6-kkez
Vulnerability ID VCID-2nqu-79u6-kkez
Aliases CVE-2014-9659
Summary cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-121 Stack-based Buffer Overflow
System Score Found at
epss 0.02849 https://api.first.org/data/v1/epss?cve=CVE-2014-9659
epss 0.02849 https://api.first.org/data/v1/epss?cve=CVE-2014-9659
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9659.json
https://api.first.org/data/v1/epss?cve=CVE-2014-9659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9659
1191081 https://bugzilla.redhat.com/show_bug.cgi?id=1191081
777656 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777656
GLSA-201503-05 https://security.gentoo.org/glsa/201503-05
USN-2510-1 https://usn.ubuntu.com/2510-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86495
EPSS Score 0.02849
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:37:33.108903+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0