Updated freetype2 packages fix security vulnerabilities
Publication date: 15 Mar 2014
Modification date: 16 Mar 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-2240, CVE-2014-2241
Description
It was reported that FreeType before 2.5.3 suffers from an out-of-bounds
stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing
code, which could lead to a buffer overflow (CVE-2014-2240).
It was also reported that FreeType before 2.5.3 has a denial-of-service
vulnerability in the CFF rasterizing code, due to a reachable assertion
(CVE-2014-2241).
References
SRPMS
4/core
- freetype2-2.5.0.1-3.1.mga4
4/tainted
- freetype2-2.5.0.1-3.1.mga4.tainted