Red Hat Bugzilla – Bug 800589
CVE-2012-1131 freetype: incorrect type cast allowing input sanity check bypass in ft_smooth_render_generic() (#35604)
Last modified: 2015-11-24 09:51:59 EST
An out-of heap-based buffer read flaw was found in the way the anti-aliasing renderer of the FreeType font rendering engine processed certain TrueType fonts. A remote attacker could provide a specially-crafted TrueType font file, which once opened in an application linked against FreeType would lead to that application crash.
Upstream bug report:
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16
This issue does seem to affect the versions of the freetype package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue did NOT affect the version of the freetype package, as shipped with Fedora release of 15.
This issue affects the version of the freetype package, as shipped with Fedora release of 16.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:0467 https://rhn.redhat.com/errata/RHSA-2012-0467.html