Date: Wed, 10 Dec 2014 14:56:29 +0100
From: Mateusz Jurczyk <j00ru.vx@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240)

Hey,

original finder of both vulnerabilities here. I've sent a CVE request to MITRE today for this and multiple other vulnerabilities fixed in 2.5.4, I'll update this thread once they are assigned.

Cheers,
Mateusz

2014-12-10 14:45 GMT+01:00 Vasyl Kaigorodov <vkaigoro@...hat.com>:
> Hello,
>
> Freetype version 2.5.4 fixes another out-of-bounds stack-based
> read/write which is similar to CVE-2014-2240.
> Does it deserve a separate CVE? If so - please assign one.
>
> Upstream bug: http://savannah.nongnu.org/bugs/?43661
>
> References:
> http://sourceforge.net/projects/freetype/files/freetype2/2.5.4/
> https://bugs.mageia.org/show_bug.cgi?id=14771
> https://bugzilla.redhat.com/show_bug.cgi?id=1172633
>
> Thanks.
> --
> Vasyl Kaigorodov | Red Hat Product Security
> PGP: 0xABB6E828 A7E0 87FF 5AB5 48EB 47D0 2868 217B F9FC ABB6 E828