[Bug 1172633] New: freetype: OOB stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240).

bugzilla at redhat.com bugzilla at redhat.com
Wed Dec 10 13:37:19 UTC 2014


            Bug ID: 1172633
           Summary: freetype: OOB stack-based read/write in
                    cf2_hintmap_build() (incomplete fix for
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: high
          Priority: high
          Assignee: security-response-team at redhat.com
          Reporter: vkaigoro at redhat.com
                CC: behdad at fedoraproject.org, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    fonts-bugs at lists.fedoraproject.org,
                    kevin at tigcc.ticalc.org, lfarkas at lfarkas.org,
                    mkasik at redhat.com, rjones at redhat.com

It was reported [1] that Freetype before 2.5.4 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow.  This is due to an incomplete
fix for CVE-2014-2240.

Upstream patch is at [2]
Upstream bug with some additional info is at [3].

This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2
interpreter and hinter); earlier versions are not affected.  This is fixed in
2.5.4 [4].

[1]: https://bugs.mageia.org/show_bug.cgi?id=14771
[3]: http://savannah.nongnu.org/bugs/?43661
[4]: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/


Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.

You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=8xkkHm8nwp&a=cc_unsubscribe

More information about the fonts-bugs mailing list