| Bug ID | 1079601 |
|---|---|
| Summary | VUL-1: freetype2: Protection against invalid VF data |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.3 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | fstrba@suse.com |
| Reporter | kbabioch@suse.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
There is an upstream commit handling invalid VF data more safely. This should be applied to our product, since there is no new release of freetype2. References: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5739 https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/truetype/ttgxvar.c?id=68dddcdcbe18a08d778026efc01b1369e35cbf6a