https://bugzilla.redhat.com/show_bug.cgi?id=1763609
--- Comment #8 from Marco Benatto <mbenatto(a)redhat.com> ---
The freetype library is able to handle PostScript created fonts, however
there's an issue when handling PostScript balanced expressions. On
ps_parser_skip_PS_token() a lack of proper validation may lead the reading
cursor holding the current position being processed to go beyond the end of the
text content. This further causes an out of bounds read o skip_comment()
function. An attacker may leverage this bug by creating a crafted input file
causing low confidentiality impact as unexpected data may be exposed as a
result of the over-read.
--
You are receiving this mail because:
You are on the CC list for the bug.