Re: [ft-devel] Fix for CVE-2010-3311

From: Werner LEMBERG
Subject: Re: [ft-devel] Fix for CVE-2010-3311
Date: Fri, 24 Jun 2011 18:11:42 +0200 (CEST)

> I am trying to audit our local patches to freetype2 in openSUSE to
> reduce the number of patches we apply. I noticed that the fix for
> CVE-2010-3311 [0] is not applied to the upstream freetype source.
> Attached is the fix for the issue with the demo CFF file.
> It would be nice to get this fixed so we can drop this patch.
> [0]

Hmm, in

I read this:

  Affected versions: freetype-2.3 and before that.  Latest upstream
  version (2.4) is not affected.

Actually, I remember this CVE...  And indeed, comment #39 says:

  The following upstream commit fixes this problem in freetype 2.4.x:

  commit 75787c19eab20874c5d588842c52e59cfbd9302a
  Author: Werner Lemberg <address@hidden>
  Date:   Sat Jun 26 09:24:08 2010 +0200

    Add some memory checks (mainly for debugging).

    * src/base/ftstream.c (FT_Stream_EnterFrame): Exit with error
    if the frame size is larger than the stream size.

    * src/base/ftsystem.c (ft_ansi_stream_io): Exit with error if
    seeking a position larger than the stream size.
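
An added example, not part of the original message and not FreeType's code: a small C stream reader showing the two checks the quoted commit message describes, a seek rejected when the position is larger than the stream size and a frame rejected when it is larger than the stream. The names (`demo_stream`, `demo_seek`, `demo_enter_frame`, `demo_try`) and the 16-byte buffer are hypothetical, and the check against the bytes remaining after the current position goes beyond what the commit message states.

```c
#include <stddef.h>

/* Hypothetical in-memory stream for illustration; not FreeType's FT_Stream. */
typedef struct {
    const unsigned char *base;    /* backing buffer */
    size_t               size;    /* total stream size in bytes */
    size_t               pos;     /* current position, invariant: pos <= size */
    const unsigned char *cursor;  /* start of the active frame, or NULL */
    const unsigned char *limit;   /* one past the end of the active frame */
} demo_stream;

enum { DEMO_OK = 0, DEMO_ERR_SEEK = 1, DEMO_ERR_FRAME = 2 };

/* Exit with an error when seeking to a position larger than the stream size. */
int demo_seek(demo_stream *s, size_t pos)
{
    if (pos > s->size)
        return DEMO_ERR_SEEK;
    s->pos = pos;
    return DEMO_OK;
}

/* Open a frame of `count` bytes at the current position. */
int demo_enter_frame(demo_stream *s, size_t count)
{
    if (count > s->size)            /* frame larger than the whole stream */
        return DEMO_ERR_FRAME;
    /* Assumption beyond the commit message: subtract so pos + count cannot wrap. */
    if (count > s->size - s->pos)   /* frame would run past the end */
        return DEMO_ERR_FRAME;
    s->cursor = s->base + s->pos;
    s->limit  = s->cursor + count;
    s->pos   += count;
    return DEMO_OK;
}

/* Seek, then open a frame, over a constructed 16-byte buffer; returns the first error. */
int demo_try(size_t seek_to, size_t frame_len)
{
    static const unsigned char data[16] = {0};   /* constructed sample input */
    demo_stream s = { data, sizeof data, 0, NULL, NULL };
    int err = demo_seek(&s, seek_to);
    if (err) return err;
    return demo_enter_frame(&s, frame_len);
}
```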


