Univention Bugzilla – Bug 40548
freetype: Multiple issues (4.1)
Last modified: 2017-05-10 15:38:51 CEST
Multiple bugs in processing font files allow denial of service or the execution of arbitrary code:

Debian package version 2.4.9-1.1+deb7u2 fixes:
* remote denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream (CVE-2014-9745)
* use of uninitialized data (CVE-2014-9746)
* t42parse.c vulnerability (CVE-2014-9747)

Debian package version 2.4.9-1.1+deb7u3 fixes:
* The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font (CVE-2014-9674)

Upstream Debian package version 2.4.9-1.1+deb7u4 fixes this issue:
* The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. (CVE-2016-10244)

Imported and built. Advisory: freetype.yaml
Tests (amd64): OK
Advisory: OK
Upstream Debian package version 2.4.9-1.1+deb7u5 additionally fixes:
* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. (CVE-2016-10328)

Package imported and built, advisory updated.
<http://errata.software-univention.de/ucs/4.1/416.html>