Arch Linux: ASA-201805-3 Low: Freetype2 Denial Of Service
May 09, 2018 • 
LinuxSecurity Advisories 1 min read
Topics Covered
The package freetype2 before version 2.9.1-1 is vulnerable to denial of service.
Arch Linux Security Advisory ASA-201805-3 ======================================== Severity: Low Date : 2018-05-09 CVE-ID : CVE-2018-6942 Package : freetype2 Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-613 Summary ====== The package freetype2 before version 2.9.1-1 is vulnerable to denial of service. Resolution ========= Upgrade to 2.9.1-1. # pacman -Syu "freetype2>=2.9.1-1" The problem has been fixed upstream in version 2.9.1. Workaround ========= None. Description ========== An issue was discovered in FreeType 2 before 2.9.1. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to denial of service via a crafted font file. Impact ===== A remote attacker is able to cause a denial of service via a specially crafted file. References ========= https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736 https://cgit.git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef https://security.archlinux.org/CVE-2018-6942
PREVIOUS 
NEXT Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!