It was reported [1] that Freetype suffers from an out-of-bounds stack-based read/write flaw in cf2_hintmap_build(). This new CFF handling code was introduced in Freetype 2.4.12 (new Type 2 interpreter and hinter); earlier versions are not affected. This is fixed in 2.5.3 [2]. Two CVEs were noted in the upstream bug [3], and according the oss-security post they correlate to commits as follows: CVE-2014-2240: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0eae6eb0645264c98812f0095e0f5df4541830e6 CVE-2014-2241: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969 (there seems to be some possibility that CVE-2014-2241 was unncessarily filed, however) [1] http://openwall.com/lists/oss-security/2014/03/10/2 [2] http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/ [3] https://savannah.nongnu.org/bugs/?41697 Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Created freetype tracking bugs for this issue: Affects: fedora-20 [bug 1074647]
Created mingw-freetype tracking bugs for this issue: Affects: fedora-20 [bug 1074648] Affects: fedora-19 [bug 1074649]
This is currently fixed in: mingw-freetype-2.5.0.1-2.fc20 mingw-freetype-2.4.12-3.fc19 freetype-2.5.0-5.fc20
And for anybody who might want to know, this is also fixed in: freetype-freeworld-2.5.0.1-4.fc20 in that well-known third-party repository.