The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
Opensuse | Opensuse | 13.2 (including) | 13.2 (including) |
Red Hat Enterprise Linux 6 | RedHat | freetype-0:2.3.11-15.el6_6.1 | * |
Red Hat Enterprise Linux 7 | RedHat | freetype-0:2.4.11-10.el7_1.1 | * |
Freetype | Ubuntu | devel | * |
Freetype | Ubuntu | lucid | * |
Freetype | Ubuntu | precise | * |
Freetype | Ubuntu | trusty | * |
Freetype | Ubuntu | upstream | * |
Freetype | Ubuntu | utopic | * |