Updated freetype2 packages fix security vulnerabilities
Publication date: 15 Mar 2014
Modification date: 16 Mar 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-2240, CVE-2014-2241
Description
It was reported that FreeType before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that FreeType before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code due to a reachable assertion (CVE-2014-2241).
References
SRPMS
4/tainted
- freetype2-2.5.0.1-3.1.mga4.tainted
4/core
- freetype2-2.5.0.1-3.1.mga4