[Bug 1444895] New: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function

https://bugzilla.redhat.com/show_bug.cgi?id=1444895 Bug ID: 1444895 Summary: CVE-2016-10328 freetype: heap-based buffer overflow related to the cff_parser_run function Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, bmcclain(a)redhat.com, cfergeau(a)redhat.com, dblechte(a)redhat.com, eedri(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, gklein(a)redhat.com, kevin(a)tigcc.ticalc.org, lsurette(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mkasik(a)redhat.com, rbalakri(a)redhat.com, rh-spice-bugs(a)redhat.com, rjones(a)redhat.com, sherold(a)redhat.com, srevivo(a)redhat.com, ydary(a)redhat.com, ykaul(a)redhat.com FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. Bug report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 -- You are receiving this mail because: You are on the CC list for the bug.