[Bug 1429965] CVE-2016-10244 freetype: parse_charstrings function in type1 /t1load.c does not ensure that a font contains a glyph name

https://bugzilla.redhat.com/show_bug.cgi?id=1429965 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016 |0825,reported=20170306,sour |0825,reported=20170306,sour |ce=cve,cvss3=5.9/CVSS:3.0/A |ce=cve,cvss3=5.9/CVSS:3.0/A |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |I:N/A:H,cwe=CWE-20,fedora-a |I:N/A:H,cwe=CWE-20,fedora-a |ll/freetype=affected,fedora |ll/freetype=affected,fedora |-all/mingw-freetype=affecte |-all/mingw-freetype=affecte |d,epel-7/mingw-freetype=aff |d,epel-7/mingw-freetype=aff |ected,rhel-5/freetype=new,r |ected,rhel-5/freetype=wontf |hel-6/freetype=new,rhel-7/f |ix,rhel-6/freetype=wontfix, |reetype=new,rhev-m-3/mingw- |rhel-7/freetype=wontfix,rhe |virt-viewer=new |v-m-3/mingw-virt-viewer=won | |tfix Last Closed| |2017-03-23 01:50:59 --- Comment #2 from Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com&gt; --- Analysis: As per the patch, seems to be a OOB read, causing a crash. I dont have access to the reproducer, but seems all versions of freetype shipped with Red Hat Enterprise Linux are affected. -- You are receiving this mail because: You are on the CC list for the bug.