
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN583
_____________________________________________________________________

DATE                : 20/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FreeType versions prior to 2.10.4.

=====================================================================
https://www.freetype.org/index.html#news
https://sourceforge.net/projects/freetype/files/freetype2/2.10.4/
_____________________________________________________________________

FreeType 2.10.4
2020-10-20

This is an emergency release, fixing a severe vulnerability in embedded
PNG bitmap handling (see here for more).

All users should update immediately.

_____________________________________________________________________

CHANGES BETWEEN 2.10.3 and 2.10.4

  I. IMPORTANT BUG FIXES

  - A heap buffer overflow has been found in the handling of embedded
    PNG bitmaps, introduced in FreeType version 2.6.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999

    If you use option FT_CONFIG_OPTION_USE_PNG you should upgrade
    immediately.
Source: README, updated 2020-10-20
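
One way to check a host against the range given above (introduced in 2.6,
fixed in 2.10.4). This is an added example, not part of the FreeType release
notes or of CERT-Renater's tooling; the helper names are hypothetical, and it
assumes a FreeType shared library that ctypes can locate.

```python
import ctypes
import ctypes.util

FIRST_AFFECTED = (2, 6, 0)   # page: overflow introduced in FreeType 2.6
FIRST_FIXED = (2, 10, 4)     # page: fixed in FreeType 2.10.4


def parse_version(text):
    """Parse '2.10.3' or '2.6' into a 3-tuple, padding missing fields with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected FreeType version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    """True if (major, minor, patch) lies in [2.6, 2.10.4).

    Compared as integer tuples: as strings, '2.10.3' sorts before '2.6'
    and an affected build would be reported as predating the bug.
    """
    return FIRST_AFFECTED <= tuple(version) < FIRST_FIXED


def loaded_freetype_version(path=None):
    """Ask the shared library for its own version via FT_Library_Version.

    Returns None when no FreeType shared library can be found or loaded.
    """
    path = path or ctypes.util.find_library("freetype")
    if not path:
        return None
    try:
        ft = ctypes.CDLL(path)
    except OSError:
        return None
    library = ctypes.c_void_p()
    if ft.FT_Init_FreeType(ctypes.byref(library)) != 0:
        return None
    major, minor, patch = ctypes.c_int(), ctypes.c_int(), ctypes.c_int()
    ft.FT_Library_Version(library, ctypes.byref(major),
                          ctypes.byref(minor), ctypes.byref(patch))
    ft.FT_Done_FreeType(library)
    return (major.value, minor.value, patch.value)


if __name__ == "__main__":
    found = loaded_freetype_version()
    if found is None:
        print("no FreeType shared library found")
    else:
        state = "in affected range, upgrade" if is_affected(found) else "outside affected range"
        print("FreeType %d.%d.%d: %s" % (*found, state))
```

The version number alone does not show whether the library was built with
FT_CONFIG_OPTION_USE_PNG, so treat a result in the affected range as a
prompt to upgrade or to confirm with the package vendor.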


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================





