ArchLinux: 201805-3: freetype2: denial of service
Summary
An issue was discovered in FreeType 2 before 2.9.1. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to denial of service via a crafted font file.
Resolution
Upgrade to 2.9.1-1.
# pacman -Syu "freetype2>=2.9.1-1"
The problem has been fixed upstream in version 2.9.1.
References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
https://security.archlinux.org/CVE-2018-6942
Workaround
None.