<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - Check range of FcWeightFromOpenType argument." href="https://bugs.freedesktop.org/show_bug.cgi?id=96676">96676</a> </td> </tr> <tr> <th>Summary</th> <td>Check range of FcWeightFromOpenType argument. </td> </tr> <tr> <th>Product</th> <td>fontconfig </td> </tr> <tr> <th>Version</th> <td>2.11 </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>library </td> </tr> <tr> <th>Assignee</th> <td>fontconfig-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>tobias@stoeckmann.org </td> </tr> <tr> <th>QA Contact</th> <td>freedesktop@behdad.org </td> </tr></table> <p> <div> <pre>Created <span class=""><a href="attachment.cgi?id=124719" name="attach_124719" title="patch to fix this issue">attachment 124719</a> <a href="attachment.cgi?id=124719&action=edit" title="patch to fix this issue">[details]</a></span> <a href='page.cgi?id=splinter.html&bug=96676&attachment=124719'>[review]</a> patch to fix this issue The argument to FcWeightToOpenType is already properly upper bounded, but the same check should be done in FcWeightFromOpenType, too. This fixes an out of boundary access while iterating over array on malicious font input.</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>