freetype icon indicating copy to clipboard operation
freetype copied to clipboard

Published 20 hours ago verified publisher icon golang

Is this freetype implementation vulnerable to CVE-2020-15999

Open AngelinaSosa opened this issue 5 years ago • 1 comments

Do you know if this vulnerability is applicable ? References: https://savannah.nongnu.org/bugs/?59308

https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd

https://www.mail-archive.com/[email protected]/msg00125.html

https://nvd.nist.gov/vuln/detail/CVE-2020-15999

Thank you ! Angelina

AngelinaSosa avatar Nov 12 '20 01:11 AngelinaSosa

As far as I see it is irrelevant - the upstream bug is about vulnerability in the sbit table reading due to dependency on libpng. It is one of the apple style bitmaps which requires libpng to work. Freetype go does not support reading the sbit bitmaps at all.

HinTak avatar Nov 01 '22 01:11 HinTak