FreeType 2 prior to 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
Several vulnerabilities were discovered in Freetype. Opening malformed
fonts may result in denial of service or the execution of arbitrary
code.
For the stable distribution (jessie), these problems have been fixed in
version 2.5.2-3+deb8u2.
We recommend that you upgrade your freetype packages ...
Debian Bug report logs - #856971
freetype: CVE-2016-10244
Package: src:freetype
Maintainer for src:freetype is Hugh McMaster <hughmcmaster@outlook.com>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 6 Mar 2017 19:24:01 UTC
Severity: important
Tags: patch, security, upstream
Found in version fre ...
FreeType 2 <= 2.7.1 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c ...