|Main Archive Page > Month Archives > oss-security archives|
I'm not sure if this has received a CVE name or not (if it did, it was
likely assigned to iOS specifically and not freetype).
It looks like the flaw used to jailbreak the iphone was in freetype's
PS type1 font handling.
I've taken a quick look, but am by no means a C guy, but the code paths
are different in freetype 2.2.x and it looks as thought 2.3.11 at least
(so perhaps all of 2.3.x?) is affected. The Secunia report indicates
2.4.5 and possibly older versions.
-- Vincent Danen / Red Hat Security Response Team