[Bug 1191084] CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
bugzilla at redhat.com
bugzilla at redhat.com
Fri Feb 20 13:05:23 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1191084
Tomas Hoger <thoger at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|medium |high
Status|NEW |CLOSED
Fixed In Version| |freetype 2.5.4
Resolution|--- |NOTABUG
Whiteboard|impact=moderate,public=2014 |impact=important,public=201
|1124,reported=20150210,sour |41124,reported=20150210,sou
|ce=cve,cvss2=3.7/AV:L/AC:H/ |rce=cve,cvss2=6.8/AV:N/AC:M
|Au:N/C:P/I:P/A:P,fedora-all |/Au:N/C:P/I:P/A:P,cwe=CWE-1
|/freetype=affected,rhel-5/f |22,rhel-4/freetype=notaffec
|reetype=new,rhel-6/freetype |ted,rhel-5/freetype=notaffe
|=new,rhel-7/freetype=new |cted,rhel-6/freetype=notaff
| |ected,rhel-7/freetype=notaf
| |fected,rhev-m-3/mingw-virt-
| |viewer=notaffected,fedora-a
| |ll/freetype=affected,fedora
| |-all/mingw-freetype=affecte
| |d,epel-7/mingw-freetype=aff
| |ected
Severity|medium |high
Last Closed| |2015-02-20 08:05:23
--- Comment #4 from Tomas Hoger <thoger at redhat.com> ---
Upstream bug is:
https://savannah.nongnu.org/bugs/?43658
Issue was fixed upstream in 2.5.4.
The CFF parsing code affected by this issue was only introduced in upstream
version 2.4.12, and enabled by default in 2.5. The affected code is not in
freetype packages in Red Hat Enterprise Linux 7 and earlier, which are based on
earlier upstream versions.
Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SqchprDmsL&a=cc_unsubscribe
More information about the fonts-bugs
mailing list