CVE-2012-5670
Published: 31 December 2012
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.
Notes
Author | Note |
---|---|
mdeslaur | introduced by http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/bdf/bdflib.c?id=03242f58c4bf7226276d8e4e7cb106045319e517 so only in 2.4.9+ |
Priority
Status
Package | Release | Status |
---|---|---|
freetype Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Released
(2.4.10-0ubuntu1.1)
|
|
upstream |
Released
(2.4.11)
|
|
Patches: upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8 |