Issue metadata
Sign in to add a comment
|
Security: PDFium could be affected by security issue in freetype 2.6.1
Reported by
stackexp...@gmail.com,
Apr 14 2016
|
||||||||||||||||||
Issue descriptionVULNERABILITY DETAILS The freetype copy that's bundled in pdfium is currently at version 2.6.1. This version is vulnerable to malformed fonts as described on the freetype home page. > FreeType 2.6.2 > 2015-11-28 > FreeType 2.6.2 has been released. This is a minor release that mainly provides better handling of malformed fonts. All users should upgrade. The detailed information about this issue is available at https://bugs.chromium.org/p/project-zero/issues/detail?id=602 Patch is available at http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=57cbb8c148999ba8f14ed53435fc071ac9953afd The freetype library should be updated to 2.6.2 or higher version.
,
Apr 14 2016
The PDFium-bundled freetype is not shipped to any users. Chrome on Linux is linked with system freetype (not chromium/src/third_party/freetype2 either), which we don't control. As far as I know, on Android, we do use chromium/src/third_party/freetype-android, but that's already 2.6.2
,
Jul 22 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 2 2016
|
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by tsepez@chromium.org
, Apr 14 2016Status: Assigned (was: Unconfirmed)