Re: FreeType malformed compressed data issue

[Tavis Ormandy <taviso () google com>]

Hey, you're right, this one was just a non-exploitable crash, the
other issues were regular integer overflow. I didn't report this
particular one as a security issue, but it was fixed at the same time,
sorry for the confusion :-)

Thanks, Tavis.

2009/4/16 Steven M. Christey <coley () linus mitre org>:
> I'm processing CVE-2009-0946 for the various integer overflows found by
> Tavis Ormandy for FreeType, as captured in:
>
>  https://bugzilla.redhat.com/show_bug.cgi?id=491384
>
> But there's also this commit:
>
>    http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
>
> This bug doesn't smell exactly like an integer overflow, but there's not
> enough immediate context to tell.  Is this a different bug type?  If so,
> it needs a new CVE.
>
> - Steve