Issue 603421

Issue metadata

Status: WontFix
Closed: Apr 2016
Type: Bug-Security


Security: PDFium could be affected by security issue in freetype 2.6.1

Reported by stackexp...@gmail.com, Apr 14 2016

Issue description

VULNERABILITY DETAILS
The freetype copy that's bundled in pdfium is currently at version 2.6.1. This version is vulnerable to malformed fonts as described on the freetype home page.

> FreeType 2.6.2
> 2015-11-28
> FreeType 2.6.2 has been released. This is a minor release that mainly provides better handling of malformed fonts. All users should upgrade.

The detailed information about this issue is available at https://bugs.chromium.org/p/project-zero/issues/detail?id=602

Patch is available at http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd

The freetype library should be updated to version 2.6.2 or higher.

 

Comment 1 by tsepez@chromium.org, Apr 14 2016

Owner: och...@chromium.org
Status: Assigned (was: Unconfirmed)
@ochang, is this something we've already patched locally? Thanks.

Comment 2 by och...@chromium.org, Apr 14 2016

Status: WontFix (was: Assigned)
The PDFium-bundled freetype is not shipped to any users. Chrome on Linux is linked with system freetype (not chromium/src/third_party/freetype2 either), which we don't control.

As far as I know, on Android, we do use chromium/src/third_party/freetype-android, but that's already 2.6.2.
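
An added example, not part of the original thread or of Chromium's tooling: a small audit that finds every bundled `freetype.h` under a source tree, reads the `FREETYPE_MAJOR`/`FREETYPE_MINOR`/`FREETYPE_PATCH` macros, and flags copies older than the 2.6.2 release named in the report. The function names and the sample header fragments are assumptions made up for illustration.

```python
import os
import re
import sys

# The release the report asks for; taken from the issue text.
MIN_FIXED = (2, 6, 2)

# freetype.h declares its version with these three macros.
_MACRO = re.compile(r"^\s*#\s*define\s+FREETYPE_(MAJOR|MINOR|PATCH)\s+(\d+)", re.M)


def header_version(text):
    """Return (major, minor, patch) from freetype.h text, or None if incomplete."""
    found = {name: int(num) for name, num in _MACRO.findall(text)}
    if set(found) != {"MAJOR", "MINOR", "PATCH"}:
        return None
    return (found["MAJOR"], found["MINOR"], found["PATCH"])


def audit_tree(root):
    """Walk root and report each bundled freetype.h as (path, version, status)."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        if "freetype.h" not in files:
            continue
        path = os.path.join(dirpath, "freetype.h")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = header_version(fh.read())
        if version is None:
            status = "unknown"  # macros missing: inspect this copy by hand
        else:
            status = "ok" if version >= MIN_FIXED else "outdated"
        results.append((os.path.relpath(path, root), version, status))
    return sorted(results)


# Constructed sample header fragments, not copied from any real tree.
SAMPLE_2_6_1 = "#define FREETYPE_MAJOR  2\n#define FREETYPE_MINOR  6\n#define FREETYPE_PATCH  1\n"
SAMPLE_2_6_2 = "#define FREETYPE_MAJOR  2\n#define FREETYPE_MINOR  6\n#define FREETYPE_PATCH  2\n"

if __name__ == "__main__":
    for rel, version, status in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:9} {version} {rel}")
```

A header version says nothing about local patches or about which library a binary actually links against, which are the two questions comments 1 and 2 turn on, so treat an "outdated" result as a prompt to check both.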

Comment 3 by sheriffbot@chromium.org, Jul 22 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 4 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
