oss-sec mailing list archives

Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240)

From: Vasyl Kaigorodov <vkaigoro () redhat com>
Date: Wed, 10 Dec 2014 14:45:50 +0100

Hello,

Freetype version 2.5.4 fixes another out-of-bounds stack-based
read/write which is similar to CVE-2014-2240.
Does it deserve a separate CVE? If so - please assign one.

Upstream bug: http://savannah.nongnu.org/bugs/?43661

References:
http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
https://bugs.mageia.org/show_bug.cgi?id=14771
https://bugzilla.redhat.com/show_bug.cgi?id=1172633

Thanks.
-- 
Vasyl Kaigorodov | Red Hat Product Security
PGP:  0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828

Attachment: _bin
Description:

Current thread:

Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Vasyl Kaigorodov (Dec 10)
- Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Mateusz Jurczyk (Dec 10)