https://bugzilla.redhat.com/show_bug.cgi?id=1172633
Bug ID: 1172633
Summary: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240).
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-t...@redhat.com
Reporter: vkaig...@redhat.com
CC: beh...@fedoraproject.org, erik-fed...@vanpienbroek.nl, fedora-mi...@lists.fedoraproject.org, fonts-b...@lists.fedoraproject.org, ke...@tigcc.ticalc.org, lfar...@lfarkas.org, mka...@redhat.com, rjo...@redhat.com

It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240.

Upstream patch is at [2]. Upstream bug with some additional info is at [3].

This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2 interpreter and hinter); earlier versions are not affected. This is fixed in 2.5.4 [4].

[1]: https://bugs.mageia.org/show_bug.cgi?id=14771
[2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6
[3]: http://savannah.nongnu.org/bugs/?43661
[4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/

Statement:

Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.