oss-sec mailing list archives
Re: FreeType malformed compressed data issue
From: Tavis Ormandy <taviso () google com>
Date: Thu, 16 Apr 2009 19:15:41 +0200
Hey, you're right, this one was just a non-exploitable crash, the other issues were regular integer overflow. I didn't report this particular one as a security issue, but it was fixed at the same time, sorry for the confusion :-) Thanks, Tavis. 2009/4/16 Steven M. Christey <coley () linus mitre org>:
I'm processing CVE-2009-0946 for the various integer overflows found by Tavis Ormandy for FreeType, as captured in: https://bugzilla.redhat.com/show_bug.cgi?id=491384 But there's also this commit: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596 This bug doesn't smell exactly like an integer overflow, but there's not enough immediate context to tell. Is this a different bug type? If so, it needs a new CVE. - Steve
Current thread:
- FreeType malformed compressed data issue Steven M. Christey (Apr 16)
- Re: FreeType malformed compressed data issue Tavis Ormandy (Apr 16)