> out of curiosity, has Apple contacted the FreeType dev group
> concerning http://www.vupen.com/english/advisories/2010/2018
> ("FreeType Compact Font Format Two Buffer Overflow
> Vulnerabilities")?

Yes. Fixed in 2.4.2.

> Even if it's not a serious problem on anything that isn't iOS,

It is a serious problem on all platforms.

> a problem with opcode parsing might also lead to the incorrect
> execution of opcode-based CFF glyph rendering; it would be nice to
> know where it's going wrong, so that normal fonts (i.e., not created
> specifically to exploit the problem) that make use of the
> problematic opcode patterns can be identified.

Normal fonts will *never* encounter this particular bug. It relies on opcodes which push data on the stack without consuming arguments, for example, repeatedly calling `random'.

Werner
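Added example, not part of the original message and not FreeType's code or the fix shipped in 2.4.2: a pre-flight check that tracks operand-stack depth in a CFF (Type 2) charstring and refuses any push past the limit, which is the condition the reply describes. The function name, error codes and the simplified operator model are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

#define CS_MAX_STACK 48   /* operand stack limit in the Type 2 charstring spec */
#define CS_TRUNCATED (-1)
#define CS_OVERFLOW  (-2)

/* Hypothetical pre-flight check (not a FreeType function): returns the peak
 * operand-stack depth of a charstring, or a negative error code.
 * Simplified model: number encodings and `random` (escape 12 23) push one
 * value; every other operator is assumed to clear the stack, and hintmask
 * mask bytes are not modelled. */
int cs_check_depth(const unsigned char *cs, size_t len)
{
    size_t i = 0;
    int depth = 0, peak = 0;

    while (i < len) {
        unsigned char b = cs[i];
        size_t size = 1;   /* bytes occupied by this token */
        int pushes = 1;    /* does the token push without consuming? */

        if (b == 28)       size = 3;            /* 16-bit integer */
        else if (b == 255) size = 5;            /* 16.16 fixed */
        else if (b >= 247) size = 2;            /* two-byte integer */
        else if (b >= 32)  size = 1;            /* one-byte integer */
        else if (b == 12) {                     /* escape: two-byte operator */
            size = 2;
            pushes = (len - i >= 2 && cs[i + 1] == 23);   /* 23 = random */
        } else pushes = 0;                      /* one-byte operator */

        if (size > len - i) return CS_TRUNCATED;
        if (!pushes) depth = 0;
        else if (depth == CS_MAX_STACK) return CS_OVERFLOW; /* refuse the push */
        else if (++depth > peak) peak = depth;
        i += size;
    }
    return peak;
}

int main(void)
{
    /* Constructed input: two integer operands followed by rmoveto (21). */
    const unsigned char glyph[] = { 139, 139, 21 };
    printf("peak depth: %d\n", cs_check_depth(glyph, sizeof glyph));
    return 0;
}
```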