Dear all,
I apologize that UVS support of freetype-2.4.x is broken under
legacy-compatible configuration (it's default configuration for
'configure && make && make install'-ed binary).
The bug causes a crash by NULL pointer dereference in UVS
support functions, but I think it is not exploitable bug.
Even if a malicious font is given, the client won't be
crashed by this bug, as far as the client does not call UVS
support functions.
It is already fixed in latest revision on GIT. The detailed
analysis and the patch (applicable to all revisions since
the bug was introduced) is available from savannah bugzilla:
https://savannah.nongnu.org/bugs/index.php?31545
Regards,
mpsuzuki
_______________________________________________
Freetype-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/freetype-devel
