| Errata ID | 307 |
|---|---|
| Date | 2015-03-25 |
| Source package | freetype |
| Fixed in version | 2.4.2-2.1.63.201503191628 |
| Description | Multiple vulnerabilities have been found in the FreeType font engine: * [sfnt] Fix broken pointer overflow checks (CVE-2014-9656) * [tt] Check minimum size of `record_size' (CVE-2014-9657) * [sfnt] Use correct value for minimum table length test (CVE-2014-9658) * [bdf] Check `_BDF_GLYPH_BITS' (CVE-2014-9660) * [type42] Initialize `face->ttf_size' (CVE-2014-9661) * [sfnt] Fix order of validity tests (CVE-2014-9663) * [type1, type42] Add another boundary testing (CVE-2014-9664) * [sfnt] Protect against addition and multiplication overflow (CVE-2014-9666) * [sfnt] Protect against addition overflow (CVE-2014-9667) * [sfnt] Protect against overflow in additions and multiplications (CVE-2014-9669) * [pcf] Add sanity checks for row and column values (CVE-2014-9670) * [pcf] Check `size' and `offset' values (CVE-2014-9671) * Prevent a buffer overrun caused by a font including too many (> 63) strings to store names[] table (CVE-2014-9672) * Fix integer overflow by a broken POST table in resource-fork (CVE-2014-9673) * Additional overflow check in the summation of POST fragment lengths (CVE-2014-9674) * [bdf] checks one character more than `strncmp' (CVE-2014-9675) |
| Additional notes | |
| CVE ID | CVE-2014-9656 CVE-2014-9657 CVE-2014-9658 CVE-2014-9660 CVE-2014-9661 CVE-2014-9663 CVE-2014-9664 CVE-2014-9666 CVE-2014-9667 CVE-2014-9669 CVE-2014-9670 CVE-2014-9671 CVE-2014-9672 CVE-2014-9673 CVE-2014-9674 CVE-2014-9675 |
| UCS Bug number | #37756 |
