https://bugzilla.redhat.com/show_bug.cgi?id=1172633 Bug ID: 1172633 Summary: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240). Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow. This is due to an incomplete fix for CVE-2014-2240. Upstream patch is at [2] Upstream bug with some additional info is at [3]. This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2 interpreter and hinter); earlier versions are not affected. This is fixed in 2.5.4 [4]. [1]: https://bugs.mageia.org/show_bug.cgi?id=14771 [2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6e... [3]: http://savannah.nongnu.org/bugs/?43661 [4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/ Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=yLFKJV2zPY&a=cc_unsubscribe