Jump to content

Advisories MDVSA-2010:156: freetype2


paul
 Share

Recommended Posts

Multiple vulnerabilities has been found and corrected in freetype2:

 

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType

before 2.4.2 does not properly validate certain position values, which

allows remote attackers to cause a denial of service (application

crash) or possibly execute arbitrary code via a crafted font file

(CVE-2010-2805).

 

Array index error in the t42_parse_sfnts function in type42/t42parse.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (application crash) or possibly execute arbitrary code via

negative size values for certain strings in FontType42 font files,

leading to a heap-based buffer overflow (CVE-2010-2806).

 

FreeType before 2.4.2 uses incorrect integer data types during bounds

checking, which allows remote attackers to cause a denial of service

(application crash) or possibly execute arbitrary code via a crafted

font file (CVE-2010-2807).

 

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (memory corruption and application crash) or possibly execute

arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)

font (CVE-2010-2808).

 

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause

a denial of service (application crash) via a crafted BDF font file,

related to an attempted modification of a value in a static string

(CVE-2010-3053).

 

Unspecified vulnerability in FreeType 2.3.9, and other versions

before 2.4.2, allows remote attackers to cause a denial of service

via vectors involving nested Standard Encoding Accented Character

(aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and

t1decode.c (CVE-2010-3054).

 

Packages for 2008.0 and 2009.0 are provided as of the Extended

Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct these issues.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...