VDB

MAGEIA-2014-130

MAGEIA-2014-130 PUBLISHED

It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).

Affected Products

VendorProductVersions
Mageiafglc0, 0.1.16-2.1.mga4
Mageiafreetype20, 2.5.0.1-3.1.mga4.tainted, 0

Timeline

  • Mar 15, 2014 CVE Published
  • Mar 16, 2014 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›