An invalid read flaw was found in the way FreeType font rendering engine performed benchmark tests on certain font files. An attacker could use this flaw to create a specially-crafted font file that, when opened, would cause an application linked against freetype to crash (denial of service). Upstream bug report: [1] https://savannah.nongnu.org/bugs/?30648 Public reproducer: [2] http://alt.swiecki.net/j/f/sigsegv28.ttf
Created attachment 437181 [details] Local copy of PoC font file from Robert Swiecki
This issue did NOT affect the versions of the freetype package, as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue affects the versions of the freetype package, as shipped with Fedora release of 12 and 13.
For what it's worth, the attachment is not a TrueType file, it's a Type42 file (ie. TrueType in a PostScript container).
This only crashes ftbench, a test application shipped with freetype. Red Hat Security Response Team does not consider this as a security issue.