Errata ID | 416 |
---|---|
Date | 2017-05-10 |
Source package | freetype |
Fixed in version | 2.4.9-1.1.74.201704181350 |
Description | This update addresses the following issues:<br>* remote denial of service (integer overflow and heap-based buffer overflow) or possibly unspecified other impact via a crafted Mac font (CVE-2014-9674)<br>* remote denial of service (infinite loop) via a "broken number-with-base" in a PostScript stream (CVE-2014-9745)<br>* uninitialized memory access and application crash or possibly unspecified other impact via a crafted font (CVE-2014-9746)<br>* remote denial of service (infinite loop) via a Type42 font (CVE-2014-9747)<br>* remote denial of service (heap-based buffer over-read) or possibly unspecified other impact via a crafted file (CVE-2016-10244)<br>* out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c (CVE-2016-10328) |
Additional notes | |
CVE ID | CVE-2014-9674 CVE-2014-9745 CVE-2014-9746 CVE-2014-9747 CVE-2016-10244 CVE-2016-10328 |
UCS Bug number | #40548 |