https://bugzilla.redhat.com/show_bug.cgi?id=1429965
Bug ID: 1429965
Summary: CVE-2016-10244 freetype: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com,
cfergeau(a)redhat.com, dblechte(a)redhat.com,
eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com,
kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com,
mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com,
mkasik(a)redhat.com, rbalakri(a)redhat.com,
rh-spice-bugs(a)redhat.com, rjones(a)redhat.com,
sherold(a)redhat.com, srevivo(a)redhat.com,
ydary(a)redhat.com, ykaul(a)redhat.com
The parse_charstrings function in type1/t1load.c in FreeType 2 does not ensure
that a font contains a glyph name, which allows remote attackers to cause a
denial of service (heap-based buffer over-read) or possibly have unspecified
other impact via a crafted file.
References:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
Upstream patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/...