freetype: add upstream security fixes for CVE-2017-8105 and CVE-2017-8287 (6d557ac0) · Commits · Arm Reference Solutions / buildroot

Commit 6d557ac0 authored Apr 30, 2017 by Peter Korsgaard Committed by Thomas Petazzoni Apr 30, 2017

freetype: add upstream security fixes for CVE-2017-8105 and CVE-2017-8287



Add upstream post-2.7.1 commits (except for ChangeLog modifications) fixing
the following security issues:

CVE-2017-8105 - FreeType 2 before 2017-03-24 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_decoder_parse_charstrings function in psaux/t1decode.c.

CVE-2017-8287 - FreeType 2 before 2017-03-26 has an out-of-bounds write
caused by a heap-based buffer overflow related to the
t1_builder_close_contour function in psaux/psobjs.c.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

parent c1595feb

Hide whitespace changes

Inline Side-by-side

Please register or to comment