Advisories » MGASA-2014-0130

Updated freetype2 packages fix security vulnerabilities

Publication date: 15 Mar 2014
Modification date: 16 Mar 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-2240, CVE-2014-2241

Description

It was reported that Freetype before 2.5.3 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow (CVE-2014-2240).

It was also reported that Freetype before 2.5.3 has a denial-of-service
vulnerability in the CFF rasterizing code, due to a reachable assertion
(CVE-2014-2241).
                

References

SRPMS

4/tainted

4/core