Multiple security flaws (multiple unsanitized invalid user input cases and one integer overflow flaw) were found in the way FreeType, the font rendering engine, performed loading of CID-keyed (composite multibyte) Type 1 fonts. A remote attacker could provide a specially-crafted font file which, once opened in an application linked against freetype, could lead to a crash or, potentially, arbitrary code execution with the privileges of the user running the application.
References:
[1] http://support.apple.com/kb/HT5052
[2] https://bugzilla.novell.com/show_bug.cgi?id=730124
This issue affects the versions of the freetype package as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue affects the versions of the freetype package as shipped with Fedora releases 14, 15, and 16. Please schedule an update.
Relevant upstream patch: [3] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=14a16e3430ce85538ba9116816cf463cf8827708
Created freetype tracking bugs for this issue.
Affects: fedora-all [bug 753837]
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
Via RHSA-2011:1455 https://rhn.redhat.com/errata/RHSA-2011-1455.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 5.6 EUS - Server Only
Via RHSA-2012:0094 https://rhn.redhat.com/errata/RHSA-2012-0094.html