| Package | freetype |
|---|---|
| Version | 2.4.9-1.1+deb7u8 |
| Related CVEs | CVE-2015-9290 |

In FreeType, a buffer over-read occurred in the function T1_Get_Private_Dict in type1/t1parse.c. The fix ensures that ‘cur’ in the parser code doesn’t point to the end of the file buffer.
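
The kind of check described above, as an added example in C that is not FreeType's code: a simplified scanner looks for a keyword, skips the whitespace after it, and refuses to continue when its cursor has reached the end of the buffer. The function name, the return codes, the `limit` pointer and the use of the `eexec` keyword are assumptions made for the illustration; only the name `cur` comes from the advisory.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-in for one step of a Type 1 font parser:
   find the "eexec" keyword and report the offset of the first byte after
   the whitespace that follows it. Not FreeType's implementation. */
enum { SCAN_OK = 0, SCAN_NO_KEYWORD = -1, SCAN_TRUNCATED = -2 };

static int is_space(unsigned char c)
{
    return c == ' ' || c == '\t' || c == '\r' || c == '\n';
}

int find_encrypted_start(const unsigned char *base, size_t size, size_t *out)
{
    const unsigned char *cur   = base;
    const unsigned char *limit = base + size;   /* one past the last byte */

    /* Search for the keyword; the length test keeps memcmp inside the buffer. */
    for (;; cur++) {
        if ((size_t)(limit - cur) < 5)
            return SCAN_NO_KEYWORD;
        if (memcmp(cur, "eexec", 5) == 0)
            break;
    }
    cur += 5;

    /* Skip whitespace, testing the bound BEFORE each dereference. */
    while (cur < limit && is_space(*cur))
        cur++;

    /* If cur reached the end of the buffer there is nothing left to read:
       fail here instead of letting later code dereference cur. */
    if (cur >= limit)
        return SCAN_TRUNCATED;

    *out = (size_t)(cur - base);
    return SCAN_OK;
}
```
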
For Debian 7 Wheezy, this problem has been fixed in version 2.4.9-1.1+deb7u8.
We recommend that you upgrade your freetype packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.