[Bug 800594] CVE-2012-1136 freetype: uninitialized pointer use in BDF parser _bdf_parse_glyphs() (#35641)
bugzilla at redhat.com
Fri Mar 16 12:59:36 UTC 2012
https://bugzilla.redhat.com/show_bug.cgi?id=800594
Tomas Hoger <thoger at redhat.com> changed:
What: Component
Removed: vulnerability
Added: task

What: Summary
Removed: CVE-2012-1136 freetype: Out-of heap-based buffer write by parsing BDF glyph and bitmaps information with missing ENCODING field (FU#35641)
Added: CVE-2012-1136 freetype: uninitialized pointer use in BDF parser _bdf_parse_glyphs() (#35641)

What: Status Whiteboard
Removed: impact=important,public=20120227,reported=20120302,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected,rhel-6/freetype=affected,fedora-all/freetype=affected
Added: impact=important,public=20120227,reported=20120302,source=google,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/freetype=affected,rhel-6/freetype=affected,fedora-all/freetype=affected,fedora-all/mingw32-freetype=affected
--- Comment #7 from Tomas Hoger <thoger at redhat.com> 2012-03-16 08:59:34 EDT ---
This occurs when parsing glyphs that use DWIDTH and BBOX parameters
before/without specifying ENCODING parameter.
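Added example, not part of the bug report and not FreeType code: a small C pre-check that counts glyph blocks in a BDF file where DWIDTH or the bounding-box line is used before, or without, ENCODING, which is the ordering comment #7 describes. It assumes the standard BDF keyword BBX for what the comment calls BBOX; the function names and the sample font text are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: glyph A is well ordered, glyph B puts DWIDTH and BBX
   before ENCODING, glyph C uses BBX and never gives ENCODING. */
static const char SAMPLE_BDF[] =
    "STARTFONT 2.1\nCHARS 3\n"
    "STARTCHAR A\nENCODING 65\nDWIDTH 8 0\nBBX 8 8 0 0\nBITMAP\nENDCHAR\n"
    "STARTCHAR B\nDWIDTH 8 0\nBBX 8 8 0 0\nENCODING 66\nBITMAP\nENDCHAR\n"
    "STARTCHAR C\nSWIDTH 500 0\nBBX 8 8 0 0\nBITMAP\nENDCHAR\n"
    "ENDFONT\n";

/* Hypothetical helper: true when the line starts with keyword kw followed by
   a blank, a carriage return, or the end of the line. */
static int is_kw(const char *line, size_t len, const char *kw)
{
    size_t n = strlen(kw);
    if (len < n || memcmp(line, kw, n) != 0)
        return 0;
    return len == n || line[n] == ' ' || line[n] == '\t' || line[n] == '\r';
}

/* Hypothetical checker: number of STARTCHAR..ENDCHAR blocks in which DWIDTH
   or BBX appears while no ENCODING line has been seen in that block. */
int bdf_count_unordered_glyphs(const char *bdf)
{
    int in_glyph = 0, have_encoding = 0, flagged = 0, bad = 0;
    const char *p = bdf;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (is_kw(p, len, "STARTCHAR")) {
            in_glyph = 1; have_encoding = 0; flagged = 0;
        } else if (in_glyph && is_kw(p, len, "ENCODING")) {
            have_encoding = 1;
        } else if (in_glyph && !have_encoding && !flagged &&
                   (is_kw(p, len, "DWIDTH") || is_kw(p, len, "BBX"))) {
            flagged = 1; bad++;          /* count each glyph block once */
        } else if (is_kw(p, len, "ENDCHAR")) {
            in_glyph = 0;
        }
        p = eol ? eol + 1 : p + len;     /* next line, or stop at end of text */
    }
    return bad;
}

int main(void)
{
    printf("glyphs using DWIDTH/BBX before ENCODING: %d\n",
           bdf_count_unordered_glyphs(SAMPLE_BDF));
    return 0;
}
```

A nonzero count marks a font file worth rejecting or quarantining before it reaches an unpatched BDF parser.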