[ MDVSA-2015:055 ] freetype2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:055
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : freetype2
 Date    : March 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated freetype2 packages fix security vulnerabilities:
 
 The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType
 before 2.5.4 does not properly check for an integer overflow, which
 allows remote attackers to cause a denial of service (out-of-bounds
 read) or possibly have unspecified other impact via a crafted OpenType
 font (CVE-2014-9656).
 
 The tt_face_load_hdmx function in truetype/ttpload.c in FreeType
 before 2.5.4 does not establish a minimum record size, which allows
 remote attackers to cause a denial
