Red Hat Bugzilla – Bug 1262377
CVE-2014-9745 freetype: Infinite loop in parse_encoding in t1load.c
Last modified: 2016-03-04 06:00:37 EST
If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop.
Created freetype tracking bugs for this issue:
Affects: fedora-all [bug 1262381]
Created mingw-freetype tracking bugs for this issue:
Affects: fedora-all [bug 1262380]
Affects: epel-7 [bug 1262382]
It seems to me that this is already fixed in all maintained versions of Fedora. Check it please.
Upstream freetype git suggests that this issue was addressed in freetype-2.5.3.
Therefore this issue is already fixed in all the maintained versions of Fedora.