Security update for freetype2
freetype2 was updated to fix various vulnerabilities that could lead to crashes or potentially
code execution when parsing fonts.
-
Submitted by
Vladimir Nadvornik (nadvornik)
Fixed bugs
bnc#916873
VUL-0: CVE-2014-9672: freetype2: Array index error in the parse_fond function in base/ftmac.c
bnc#916872
VUL-0: CVE-2014-9671: freetype2: Off-by-one error in the pcf_get_properties function in pcf/pcfread.c
bnc#916871
VUL-0: CVE-2014-9670: freetype2: Multiple integer signedness errors in the pcf_get_encodings function inpcf/pcfread.c
bnc#916870
VUL-0: CVE-2014-9669: freetype2: Multiple integer overflows in sfnt/ttcmap.c
bnc#916860
VUL-0: CVE-2014-9662: freetype2: heap-based buffer overflow in cff/cf2ft.c
bnc#916861
VUL-0: CVE-2014-9667: freetype2: integer overflow and out-of-bounds read in sfnt/ttload.c
bnc#916862
VUL-0: CVE-2014-9666: freetype2: integer overflow and out-of-bounds read in the tt_sbit_decoder_init function in sfnt/ttsbit.c
bnc#916874
VUL-0: CVE-2014-9673: freetype2: Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c
bnc#916879
VUL-0: CVE-2014-9674: freetype2: integer overflow and heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c
bnc#916863
VUL-0: CVE-2014-9665: freetype2: integer overflow and heap-based buffer overflow in the Load_SBit_Png function in sfnt/pngshim.c
bnc#916868
VUL-0: CVE-2014-9668: freetype2: integer overflow and heap-based buffer overflow in the woff_open_font function in sfnt/sfobjs.c
bnc#916881
VUL-0: CVE-2014-9675: freetype2: bypass the ASLR protection mechanism via a crafted BDF font
bnc#916859
VUL-0: CVE-2014-9661: freetype2: use-after-free in type42/t42parse.c
bnc#916858
VUL-0: CVE-2014-9660: freetype2: NULL pointer dereference in the _bdf_parse_glyphs function in bdf/bdflib.c
bnc#916865
VUL-0: CVE-2014-9663: freetype2: out-of-bounds read in the tt_cmap4_validate function in sfnt/ttcmap.c
bnc#916867
VUL-0: CVE-2014-9659: freetype2: stack-based buffer overflow in cff/cf2intrp.c in the CFF CharString interpreter
bnc#916864
VUL-0: CVE-2014-9664: freetype2: out-of-bounds read via a crafted Type42 font
bnc#916847
VUL-0: CVE-2014-9656: freetype2: integer overflow in the tt_sbit_decoder_load_image function in sfnt/ttsbit.c
bnc#916857
VUL-0: CVE-2014-9658: freetype2: DoS in the tt_face_load_kern function in sfnt/ttkern.c
bnc#916856
VUL-0: CVE-2014-9657: freetype2: DoS in the tt_face_load_hdmx function in truetype/ttpload.c
