freetype-devel
Re: Vulnerability warning (CVE-2020-15999)


From: Ben Wagner
Subject: Re: Vulnerability warning (CVE-2020-15999)
Date: Mon, 19 Oct 2020 20:11:25 -0400



On Mon, Oct 19, 2020, 6:19 PM Hugh McMaster <hugh.mcmaster@outlook.com> wrote:
> Hi Werner,
>
> On Tue, 20 Oct 2020 at 09:07, Werner LEMBERG wrote:
>
>> I've just fixed a heap buffer overflow that can happen for some
>> malformed `.ttf` files with PNG sbit glyphs.  It seems that this
>> vulnerability gets already actively used in the wild, so I ask all
>> users to apply the corresponding commit as soon as possible.
>>
>> Tomorrow I will do a 2.10.4 release.
>
> Does this vulnerability affect older (< 2.10.3) versions of FreeType as well?

It appears that something like this was fixed with 54abd22891 but the fix there came too late (after a narrowing conversion) leaving some values unchecked. This new change moves that check earlier (to the values actually needing to be checked directly). The code in question hasn't changed much since 2.5.3 and probably back to 2.5.1 is affected.

Werner, I see a commit in the FreeType repo, but it seems to be just a change log entry, probably just didn't 'git add' pngshim.c? (I do things like that embarrassingly frequently.)
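
The ordering problem described in the message above (a range check that runs only after a narrowing conversion), as an added example that is not part of the original message and is not FreeType's code. The struct, function names, limit and header values are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_DIM 0x7FFFu   /* constructed limit for this example */

/* Hypothetical metrics record with 16-bit fields. */
typedef struct {
    uint16_t width;
    uint16_t height;
} glyph_metrics;

/* Late check: the 32-bit header values are narrowed first, then the
   truncated copies are validated. Returns 0 on accept, -1 on reject. */
int set_metrics_late_check(glyph_metrics *m, uint32_t img_w, uint32_t img_h)
{
    m->width  = (uint16_t)img_w;   /* 0x10010 becomes 0x0010 here */
    m->height = (uint16_t)img_h;
    if (m->width > MAX_DIM || m->height > MAX_DIM)
        return -1;
    return 0;
}

/* Early check: validate the values as decoded, then narrow. */
int set_metrics_early_check(glyph_metrics *m, uint32_t img_w, uint32_t img_h)
{
    if (img_w > MAX_DIM || img_h > MAX_DIM)
        return -1;
    m->width  = (uint16_t)img_w;
    m->height = (uint16_t)img_h;
    return 0;
}

/* Size of the real image versus size of a buffer derived from the
   16-bit metrics (one byte per pixel, to keep the arithmetic simple). */
uint64_t decoded_size(uint32_t w, uint32_t h) { return (uint64_t)w * h; }
uint64_t buffer_size(const glyph_metrics *m) { return (uint64_t)m->width * m->height; }

int main(void)
{
    uint32_t w = 0x10010u, h = 8;   /* constructed header values */
    glyph_metrics m = {0, 0};
    int late = set_metrics_late_check(&m, w, h);
    printf("late check: %s, buffer %llu bytes, image %llu bytes\n",
           late == 0 ? "accepted" : "rejected",
           (unsigned long long)buffer_size(&m),
           (unsigned long long)decoded_size(w, h));
    printf("early check: %s\n",
           set_metrics_early_check(&m, w, h) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the late check the oversized width passes validation because only its low 16 bits are tested, so the metrics describe a much smaller bitmap than the image data; the early check rejects the same input before any narrowing happens.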
