The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "freetype2-demos-dbgsym": "2.5.2-1ubuntu2.6", "libfreetype6-udeb": "2.5.2-1ubuntu2.6", "libfreetype6-dbgsym": "2.5.2-1ubuntu2.6", "libfreetype6-dev": "2.5.2-1ubuntu2.6", "freetype2-demos": "2.5.2-1ubuntu2.6", "libfreetype6-udeb-dbgsym": "2.5.2-1ubuntu2.6", "libfreetype6": "2.5.2-1ubuntu2.6" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "freetype2-demos-dbgsym": "2.6.1-0.1ubuntu2.1", "libfreetype6-udeb": "2.6.1-0.1ubuntu2.1", "libfreetype6-dbgsym": "2.6.1-0.1ubuntu2.1", "libfreetype6-dev": "2.6.1-0.1ubuntu2.1", "freetype2-demos": "2.6.1-0.1ubuntu2.1", "libfreetype6-udeb-dbgsym": "2.6.1-0.1ubuntu2.1", "libfreetype6": "2.6.1-0.1ubuntu2.1" } ] }