https://bugzilla.redhat.com/show_bug.cgi?id=1444895
Bug ID: 1444895
Summary: CVE-2016-10328 freetype: heap-based buffer overflow
related to the cff_parser_run function
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based
buffer overflow related to the cff_parser_run function in cff/cffparse.c.
Bug report:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
--
You are receiving this mail because:
You are on the CC list for the bug.