Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is this freetype implementation vulnerable to CVE-2020-15999 #80

Open
AngelinaSosa opened this issue Nov 12, 2020 · 1 comment
Open

Is this freetype implementation vulnerable to CVE-2020-15999 #80

AngelinaSosa opened this issue Nov 12, 2020 · 1 comment

Comments

@AngelinaSosa
Copy link

Do you know if this vulnerability is applicable ? References:
https://savannah.nongnu.org/bugs/?59308

https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd

https://www.mail-archive.com/[email protected]/msg00125.html

https://nvd.nist.gov/vuln/detail/CVE-2020-15999

Thank you !
Angelina
@HinTak
Copy link

HinTak commented Nov 1, 2022

As far as I see it is irrelevant - the upstream bug is about vulnerability in the sbit table reading due to dependency on libpng. It is one of the apple style bitmaps which requires libpng to work. Freetype go does not support reading the sbit bitmaps at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@HinTak @AngelinaSosa