Debian 10261 Published by

A freetype security update has been released for Debian GNU/Linux 8 Extended LTS.



ELA-304-1 freetype security update

Package freetype
Version 2.5.2-3+deb8u5
Related CVEs CVE-2020-15999

Sergei Glazunov discovered a heap-based buffer overflow vulnerability in the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

For Debian 8 jessie, these problems have been fixed in version 2.5.2-3+deb8u5.

We recommend that you upgrade your freetype packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-304-1 freetype security update