An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph and bitmaps information for glyph bitmap distribution format (BDF) font files, that were missing definition of the ENCODING field. A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application.
Upstream bug report:
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/06/16
This issue affects the versions of the freetype package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the freetype package, as shipped with Fedora release of 15 and 16.
This occurs when parsing glyphs that use DWIDTH and BBOX parameters before/without specifying ENCODING parameter.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Via RHSA-2012:0467 https://rhn.redhat.com/errata/RHSA-2012-0467.html