Re: Vulnerability warning (CVE-2020-15999)

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerability warning (CVE-2020-15999)

From:	Hugh McMaster
Subject:	Re: Vulnerability warning (CVE-2020-15999)
Date:	Tue, 20 Oct 2020 09:18:56 +1100

Hi Werner,

On Tue, 20 Oct 2020 at 09:07, Werner LEMBERG wrote:

I've just fixed a heap buffer overflow that can happen for some
malformed `.ttf` files with PNG sbit glyphs. It seems that this
vulnerability gets already actively used in the wild, so I ask all
users to apply the corresponding commit as soon as possible.

Tomorrow I will do a 2.10.4 release.

Does this vulnerability affect older (< 2.10.3) versions of FreeType as well?

[Prev in Thread]

Current Thread

[Next in Thread]

Vulnerability warning (CVE-2020-15999), Werner LEMBERG, 2020/10/19
- Re: Vulnerability warning (CVE-2020-15999), Hugh McMaster <=
  - Re: Vulnerability warning (CVE-2020-15999), Ben Wagner, 2020/10/19
    - Re: Vulnerability warning (CVE-2020-15999), Werner LEMBERG, 2020/10/20

Prev by Date: Vulnerability warning (CVE-2020-15999)
Next by Date: Re: Vulnerability warning (CVE-2020-15999)
Previous by thread: Vulnerability warning (CVE-2020-15999)
Next by thread: Re: Vulnerability warning (CVE-2020-15999)
Index(es):
- Date
- Thread