
Re: [ft] FreeType 2.4.1 has been released


From: Werner LEMBERG
Subject: Re: [ft] FreeType 2.4.1 has been released
Date: Fri, 06 Aug 2010 22:49:20 +0200 (CEST)

> out of curiosity, has Apple contacted the FreeType dev group
> concerning http://www.vupen.com/english/advisories/2010/2018
> ("FreeType Compact Font Format Two Buffer Overflow
> Vulnerabilities")?

Yes.  Fixed in 2.4.2.

> Even if it's not a serious problem on anything that isn't iOS,

It is a serious problem on all platforms.

> a problem with opcode parsing might also lead to the incorrect
> execution of opcode-based CFF glyph rendering; it would be nice to
> know where it's going wrong, so that normal fonts (i.e., not created
> specifically to exploit the problem) that make use of the
> problematic opcode patterns can be identified.

Normal fonts will *never* encounter this particular bug.  It relies on
opcodes which push data on the stack without consuming arguments, for
example, repeatedly calling `random'.


    Werner
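
The guard against the pattern described in the message above, as an added example (not FreeType's code and not part of the original message): a minimal charstring loop in which every operand push is bounds-checked. The limit of 48 is the Type 2 charstring argument-stack limit; the names `cs_push`, `cs_run` and the status codes are hypothetical, and only operands, `random` (12 23) and `endchar` (14) are handled.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_OPERANDS 48  /* Type 2 charstring argument stack limit */

enum { CS_OK = 0, CS_OVERFLOW = -1, CS_TRUNCATED = -2, CS_UNSUPPORTED = -3 };

struct cs_stack { int32_t v[MAX_OPERANDS]; size_t top; };

/* The single place that writes to the operand stack: refuse when full. */
static int cs_push(struct cs_stack *s, int32_t val)
{
    if (s->top >= MAX_OPERANDS)
        return CS_OVERFLOW;
    s->v[s->top++] = val;
    return CS_OK;
}

/* Byte length of the operand starting with b0, or 0 if b0 is an operator. */
static size_t operand_len(uint8_t b0)
{
    if (b0 == 28)  return 3;  /* 16-bit integer */
    if (b0 == 255) return 5;  /* 16.16 fixed-point number */
    if (b0 >= 247) return 2;  /* two-byte integer */
    if (b0 >= 32)  return 1;  /* one-byte integer, -107..107 */
    return 0;
}

/* Run a charstring made of operands, `random' and endchar (hypothetical
   subset). Returns CS_OK at endchar; *peak receives the deepest stack seen. */
int cs_run(const uint8_t *p, size_t len, size_t *peak)
{
    struct cs_stack s = { {0}, 0 };
    size_t i = 0, n;
    int rc;

    *peak = 0;
    while (i < len) {
        if ((n = operand_len(p[i])) != 0) {
            if (n > len - i) return CS_TRUNCATED;
            rc = cs_push(&s, n == 1 ? p[i] - 139 : 0); /* longer forms not decoded */
            i += n;
        } else if (p[i] == 12 && i + 1 < len && p[i + 1] == 23) {
            rc = cs_push(&s, 1); /* random: pushes one value, consumes none */
            i += 2;
        } else if (p[i] == 14) {
            return CS_OK;        /* endchar */
        } else {
            return CS_UNSUPPORTED;
        }
        if (rc != CS_OK) return rc;
        if (s.top > *peak) *peak = s.top;
    }
    return CS_TRUNCATED;         /* ran off the end without endchar */
}
```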


