[Bug 1172633] New: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240).

bugzilla at redhat.com bugzilla at redhat.com
Wed Dec 10 13:37:19 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1172633

            Bug ID: 1172633
           Summary: freetype: OOB stack-based read/write in
                    cf2_hintmap_build() (incomplete fix for
                    CVE-2014-2240).
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: high
          Priority: high
          Assignee: security-response-team at redhat.com
          Reporter: vkaigoro at redhat.com
                CC: behdad at fedoraproject.org, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    fonts-bugs at lists.fedoraproject.org,
                    kevin at tigcc.ticalc.org, lfarkas at lfarkas.org,
                    mkasik at redhat.com, rjones at redhat.com



It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow.  This is due to an incomplete
fix for CVE-2014-2240.

Upstream patch is at [2].
Upstream bug with some additional info is at [3].


This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2
interpreter and hinter); earlier versions are not affected.  This is fixed in
2.5.4 [4].

[1]: https://bugs.mageia.org/show_bug.cgi?id=14771
[2]: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6
[3]: http://savannah.nongnu.org/bugs/?43661
[4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/

Statement:

Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.
