AVG-258 log

Package	lib32-freetype2
Status	Fixed
Severity	High
Type	arbitrary code execution
Affected	2.7.1-1
Fixed	2.7.1-2
Current	2.13.2-1 [multilib]
Ticket	None
Created	Thu Apr 27 16:26:55 2017

Issue	Severity	Remote	Type	Description
CVE-2017-8287	High	Yes	Arbitrary code execution	FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
CVE-2017-8105	High	Yes	Arbitrary code execution	FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

Issue

Severity

Remote

Type

Description

CVE-2017-8287

High

Yes

Arbitrary code execution

FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.

CVE-2017-8105

High

Yes

Arbitrary code execution

FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

Date	Advisory	Package	Type
10 May 2017	ASA-201705-10	lib32-freetype2	arbitrary code execution

References
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941