[Secure-testing-team] Bug#861308: freetype: CVE-2017-8287: out-of-bounds write via t1_builder_close_contour function
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 27 09:18:26 UTC 2017
Source: freetype
Version: 2.5.2-3
Severity: grave
Tags: upstream security patch
Justification: user security hole
Hi,
the following vulnerability was published for freetype.
CVE-2017-8287[0]:
| FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a
| heap-based buffer overflow related to the t1_builder_close_contour
| function in psaux/psobjs.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8287
[1] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
Regards,
Salvatore
More information about the Secure-testing-team
mailing list