[Bug 1191095] CVE-2014-9672 freetype: Array index error in the parse_fond function in base/ftmac.c
bugzilla at redhat.com
Mon Feb 23 19:43:43 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1191095
Tomas Hoger <thoger at redhat.com> changed:
What             |Removed |Added
----------------------------------------------------------------------------
Priority         |medium  |low
Status           |NEW     |CLOSED
Fixed In Version |        |freetype 2.5.4
Resolution       |---     |NOTABUG
Severity         |medium  |low
Last Closed      |        |2015-02-23 14:43:43

Whiteboard (removed):
impact=moderate,public=20141124,reported=20150210,source=cve,cvss2=3.7/AV:L/AC:H/Au:N/C:P/I:P/A:P,fedora-all/freetype=affected,rhel-5/freetype=new,rhel-6/freetype=new,rhel-7/freetype=new

Whiteboard (added):
impact=low,public=20141124,reported=20150210,source=cve,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:N/A:P,cwe=CWE-129,rhel-4/freetype=notaffected,rhel-5/freetype=notaffected,rhel-6/freetype=notaffected,rhel-7/freetype=notaffected,rhev-m-3/mingw-virt-viewer=notaffected,fedora-all/freetype=notaffected,fedora-all/mingw-freetype=notaffected,epel-7/mingw-freetype=notaffected

--- Comment #1 from Tomas Hoger <thoger at redhat.com> ---
Upstream bug is:

https://savannah.nongnu.org/bugs/?43540

It remains non-public to date.

Issue was fixed upstream in 2.5.4.

Affected code is not built and used in freetype packages in Red Hat Enterprise
Linux and Fedora. The code is only used on the MacOS platform.

Statement:

Not vulnerable. This issue did not affect the versions of freetype as shipped
with Red Hat Enterprise Linux 5, 6 and 7.