3 matches found
CVE-2025-40322
Summary (CVE-2025-40322) : In the Linux kernel framebuffer (fbdev) bitblit path, bit_putcs* computations derived a glyph pointer from the character value masked by 0xff/0x1ff, which could read past the font array end. The fix clamps the index to the actual glyph count before computing the address...
CVE-2025-40322
In the Linux kernel, the following vulnerability has been resolved: fbdev: bitblit: bound-check glyph index in bitputcs bitputcsaligned/unaligned derived the glyph pointer from the character value masked by 0xff/0x1ff, which may exceed the actual font's glyph count and read past the end of the...
freetype: incorrect computation of number of glyphs in FNT_Face_Init() for FNT/FON files (#35659)
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service invalid heap write operation and memory corruption or possibly execute arbitrary code via crafted glyph-outline data in a font...