[ft-announce] Vulnerability warning (CVE-2020-15999)

freetype-announce

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ft-announce] Vulnerability warning (CVE-2020-15999)

From:	Werner LEMBERG
Subject:	[ft-announce] Vulnerability warning (CVE-2020-15999)
Date:	Tue, 20 Oct 2020 00:07:10 +0200 (CEST)

I've just fixed a heap buffer overflow that can happen for some
malformed `.ttf` files with PNG sbit glyphs.  It seems that this
vulnerability gets already actively used in the wild, so I ask all
users to apply the corresponding commit as soon as possible.

Tomorrow I will do a 2.10.4 release.


    Werner

[Prev in Thread]

Current Thread

[Next in Thread]

[ft-announce] Vulnerability warning (CVE-2020-15999), Werner LEMBERG <=

Prev by Date: [ft-announce] Announcing FreeType 2.10.3
Next by Date: [ft-announce] Announcing FreeType 2.10.4
Previous by thread: [ft-announce] Announcing FreeType 2.10.3
Next by thread: [ft-announce] Announcing FreeType 2.10.4
Index(es):
- Date
- Thread