Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qfk8-g847-a3aj
Vulnerability ID VCID-qfk8-g847-a3aj
Aliases CVE-2014-2241
Summary The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-121 Stack-based Buffer Overflow
System Score Found at
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2014-2241
epss 0.00618 https://api.first.org/data/v1/epss?cve=CVE-2014-2241
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2241.json
https://api.first.org/data/v1/epss?cve=CVE-2014-2241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2241
1074646 https://bugzilla.redhat.com/show_bug.cgi?id=1074646
741299 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741299
USN-2148-1 https://usn.ubuntu.com/2148-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.70346
EPSS Score 0.00618
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:37:32.986071+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0