Red Hat Bugzilla – Bug 240577
CVE-2007-2754 freetype integer overflow
Last modified: 2007-12-19 05:36:16 EST
This is the tracking bug for FC5 and FC6, please see the blocks list
+++ This bug was initially created as a clone of Bug #240200 +++
Victor Stinner discovered an integer overflow bug in the way freetype processed
malformed TTF fonts:
The patch can be found here:
It appears that this flaw will result in a heap overflow condition:
flag_limit = flag + n_points;
while ( flag < flag_limit )
*flag++ = c = FT_NEXT_BYTE( p );
why not 2.3.4??? Do not retard Fedora!!!
No thanks. Every single freetype release since 2.2 have had its own very, very,
noisy surprises. I'm sick of it and not going to update FC6's version of freetype.