Bug ID | 1079601 |
---|---|
Summary | VUL-1: freetype2: Protection against invalid VF data |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | fstrba@suse.com |
Reporter | kbabioch@suse.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
There is an upstream commit handling invalid VF data more safely. This should be applied to our product, since there is no new release of freetype2. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/truetype/ttgxvar.c?id=68dddcdcbe18a08d778026efc01b1369e35cbf6a