[Bug 800590] CVE-2012-1132 freetype: heap buffer over-read in Type1 parser parse_subrs() (#35606)

bugzilla at redhat.com bugzilla at redhat.com
Thu Mar 15 17:26:00 UTC 2012

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


Tomas Hoger <thoger at redhat.com> changed:

           What    |Removed                     |Added
            Summary|CVE-2012-1132 freetype:     |CVE-2012-1132 freetype:
                   |Out-of heap-based buffer    |heap buffer over-read in
                   |read flaw in Type1 font     |Type1 parser parse_subrs()
                   |loader by parsing font      |(#35606)
                   |dictionary entries          |
                   |(FU#35606)                  |
  Status Whiteboard|impact=low,public=20120223, |impact=low,public=20120223,
                   |reported=20120302,source=go |reported=20120302,source=se
                   |ogle,cvss2=4.3/AV:N/AC:M/Au |calert,cvss2=2.6/AV:N/AC:H/
                   |:N/C:N/I:N/A:P,rhel-5/freet |Au:N/C:N/I:N/A:P,rhel-5/fre
                   |ype=affected,rhel-6/freetyp |etype=affected,rhel-6/freet
                   |e=affected,fedora-all/freet |ype=affected,fedora-all/fre
                   |ype=affected                |etype=affected,fedora-all/m
                   |                            |ingw32-freetype=affected

Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the fonts-bugs mailing list