https://bugzilla.redhat.com/show_bug.cgi?id=1172633
Bug ID: 1172633
Summary: freetype: OOB stack-based read/write in
cf2_hintmap_build() (incomplete fix for
CVE-2014-2240).
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org,
mkasik(a)redhat.com, rjones(a)redhat.com
It was reported [1] that FreeType before 2.5.4 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow. This is due to an incomplete
fix for CVE-2014-2240.
Upstream patch is at [2].
Upstream bug with some additional info is at [3].
This new CFF handling code was introduced in FreeType 2.4.12 (new Type 2
interpreter and hinter); earlier versions are not affected. This is fixed in
2.5.4 [4].
[1]: https://bugs.mageia.org/show_bug.cgi?id=14771
[2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6e...
[3]: http://savannah.nongnu.org/bugs/?43661
[4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.