Security update for freetype2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1704-1 Final 1 1 2015-10-01T09:29:58Z current 2015-10-01T09:29:58Z 2015-10-01T09:29:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freetype2 This update of the freetype2 library fixes two security issues. These security issues were fixed: - CVE-2014-9745: Infinite loop in parse_encoding in t1load.c (bsc#945849) - CVE-2014-9747: Use of uninitialized memory in ps_parser_load_field, t42_parse_font_matrix and t1_parse_font_matrix (bsc#947966) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html E-Mail link for openSUSE-SU-2015:1704-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings freetype2-2.5.0.1-2.10.1 freetype2-devel-2.5.0.1-2.10.1 freetype2-devel-32bit-2.5.0.1-2.10.1 ft2demos-2.5.0-2.10.1 libfreetype6-2.5.0.1-2.10.1 libfreetype6-32bit-2.5.0.1-2.10.1 The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage. CVE-2014-9745 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html https://www.suse.com/security/cve/CVE-2014-9745.html CVE-2014-9745 https://bugzilla.suse.com/945849 SUSE Bug 945849 https://bugzilla.suse.com/947966 SUSE Bug 947966 The t42_parse_encoding function in type42/t42parse.c in FreeType before 2.5.4 does not properly update the current position for immediates-only mode, which allows remote attackers to cause a denial of service (infinite loop) via a Type42 font. CVE-2014-9747 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-10/msg00017.html https://www.suse.com/security/cve/CVE-2014-9747.html CVE-2014-9747 https://bugzilla.suse.com/947966 SUSE Bug 947966