[Bug 659359] CVE-2010-4259 FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header

bugzilla at redhat.com
Fri Dec 3 21:27:29 UTC 2010



https://bugzilla.redhat.com/show_bug.cgi?id=659359

--- Comment #7 from Louis Simard <louis.simard at gmail.com> 2010-12-03 16:27:28 EST ---
Created attachment 464658
  --> https://bugzilla.redhat.com/attachment.cgi?id=464658
fix for CVE-2010-4259 crash

Attached is a unified format patch which should copy strings correctly within
their allocated buffers, for many fields in the BDF file format, including
CHARSET_REGISTRY.

I have tested FontForge before and after the patch; it does not crash
predictably anymore.

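The kind of bounded copy the comment describes for BDF header fields such as CHARSET_REGISTRY, as an added example that is not part of the original message or of the attached patch. The helper name `bdf_copy_quoted`, the 100-byte field size and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REGISTRY_MAX 100  /* assumed field size, not FontForge's */

/* Hypothetical helper: copy the quoted value of a BDF header line of the
 * form KEY "value" into dst. Returns 0 on success, -1 if the line is not
 * a well-formed KEY property, -2 if the value does not fit in dst.
 * An unbounded read such as sscanf(line, "KEY \"%[^\"]", dst) has no such
 * limit and writes past dst when the file supplies a longer value. */
int bdf_copy_quoted(const char *line, const char *key, char *dst, size_t dstsz)
{
    size_t klen = strlen(key), len;
    const char *p, *end;

    if (dstsz == 0)
        return -1;
    dst[0] = '\0';                       /* dst is a valid string on every path */
    if (strncmp(line, key, klen) != 0)
        return -1;
    p = line + klen;
    if (*p != ' ' && *p != '\t')         /* key must end here, e.g. not KEYX */
        return -1;
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p++ != '"')
        return -1;
    end = strchr(p, '"');                /* first closing quote ends the value */
    if (end == NULL)
        return -1;
    len = (size_t)(end - p);
    if (len >= dstsz)                    /* need room for the NUL: reject, do not truncate */
        return -2;
    memcpy(dst, p, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char registry[REGISTRY_MAX], crafted[600];   /* crafted: constructed input */
    int n = snprintf(crafted, sizeof crafted, "CHARSET_REGISTRY \"");
    memset(crafted + n, 'A', 500);               /* 500-byte value, 100-byte field */
    strcpy(crafted + n + 500, "\"");
    printf("%d\n", bdf_copy_quoted("CHARSET_REGISTRY \"ISO10646\"", "CHARSET_REGISTRY", registry, sizeof registry));
    printf("%d\n", bdf_copy_quoted(crafted, "CHARSET_REGISTRY", registry, sizeof registry));
    return 0;
}
```

Rejecting an over-long value instead of truncating it keeps a malformed header from being silently accepted as a different registry name.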