Fedora 21 Security Update: freetype-2.5.3-15.fc21

Resolved Bugs
1191078 – CVE-2014-9656 freetype: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
1191081 – CVE-2014-9659 freetype: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
1191083 – CVE-2014-9661 freetype: use-after-free in type42/t42parse.c
1191085 – CVE-2014-9663 freetype: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
1191087 – CVE-2014-9665 freetype: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
1191090 – CVE-2014-9667 freetype: integer overflow and out-of-bounds read in sfnt/ttload.c
1191092 – CVE-2014-9669 freetype: Multiple integer overflows in sfnt/ttcmap.c
1191093 – CVE-2014-9670 freetype: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c
1191191 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c [fedora-all]
1191193 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font [fedora-all]
1191099 – CVE-2014-9656 CVE-2014-9657 CVE-2014-9661 CVE-2014-9660 CVE-2014-9667 CVE-2014-9666 CVE-2014-9665 CVE-2014-9664 CVE-2014-9669 CVE-2014-9668 CVE-2014-9662 CVE-2014-9658 CVE-2014-9659 CVE-2014-9663 CVE-2014-9670 freetype: various flaws [fedora-all]
1191079 – CVE-2014-9657 freetype: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
1191080 – CVE-2014-9658 freetype: DoS in the tt_face_load_kern function in sfnt/ttkern.c
1191082 – CVE-2014-9660 freetype: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
1191084 – CVE-2014-9662 freetype: heap-based buffer overflow in cff/cf2ft.c
1191086 – CVE-2014-9664 freetype: out-of-bounds read via a crafted Type42 font
1191089 – CVE-2014-9666 freetype: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
1191091 – CVE-2014-9668 freetype: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
1191190 – CVE-2014-9674 freetype: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
1191192 – CVE-2014-9675 freetype: bypass the ASLR protection mechanism via a crafted BDF font<br
This update fixes several security issues.

Leave a Reply