VDB
MAGEIA-2014-130
MAGEIA-2014-130
PUBLISHED
It was reported that Freetype before 2.5.3 suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build() in the CFF rasterizing code, which could lead to a buffer overflow (CVE-2014-2240). It was also reported that Freetype before 2.5.3 has a denial-of-service vulnerability in the CFF rasterizing code, due to a reachable assertion (CVE-2014-2241).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mageia | fglc | 0, 0.1.16-2.1.mga4 |
| Mageia | freetype2 | 0, 2.5.0.1-3.1.mga4.tainted, 0 |
Timeline
- Mar 15, 2014 CVE Published
- Mar 16, 2014 CVE Updated
References
- Updated freetype2 packages fix security vulnerabilities advisory
- Updated freetype2 packages fix security vulnerabilities advisory
- Updated freetype2 packages fix security vulnerabilities issue
- Updated freetype2 packages fix security vulnerabilities issue
- Updated fglc package fixes missing dependencies advisory
- Updated fglc package fixes missing dependencies issue