oss-sec mailing list archives
Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240)
From: Mateusz Jurczyk <j00ru.vx () gmail com>
Date: Wed, 10 Dec 2014 14:56:29 +0100
Hey, original finder of both vulnerabilities here. I've sent a CVE request to MITRE today for this and multiple other vulnerabilities fixed in 2.5.4, I'll update this thread once they are assigned. Cheers, Mateusz 2014-12-10 14:45 GMT+01:00 Vasyl Kaigorodov <vkaigoro () redhat com>:
Hello, Freetype version 2.5.4 fixes another out-of-bounds stack-based read/write which is similar to CVE-2014-2240. Does it deserve a separate CVE? If so - please assign one. Upstream bug: http://savannah.nongnu.org/bugs/?43661 References: http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/ https://bugs.mageia.org/show_bug.cgi?id=14771 https://bugzilla.redhat.com/show_bug.cgi?id=1172633 Thanks. -- Vasyl Kaigorodov | Red Hat Product Security PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828
Current thread:
- Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Vasyl Kaigorodov (Dec 10)
- Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Mateusz Jurczyk (Dec 10)