Updated freetype2 packages fix security vulnerabilitiesPublication date: 15 Mar 2014
Affected Mageia releases : 4
CVE: CVE-2014-2240 , CVE-2014-2241
It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).