FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freetype2 -- Out of bounds read/write

Affected packages
freetype2 < 2.5.3


VuXML ID: 1a0de610-a761-11e3-95fe-bcaec565249c
Discovery: 2014-02-25
Entry: 2014-03-09

Mateusz Jurczyk reports:

Out of bounds stack-based read/write in cf2_hintmap_build.

This is a critical vulnerability in the CFF Rasterizer code recently contributed by Adobe, leading to potential arbitrary code execution in the context of the FreeType2 library client.