Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:156: freetype2

Recommended Posts

Multiple vulnerabilities has been found and corrected in freetype2:

 

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType

before 2.4.2 does not properly validate certain position values, which

allows remote attackers to cause a denial of service (application

crash) or possibly execute arbitrary code via a crafted font file

(CVE-2010-2805).

 

Array index error in the t42_parse_sfnts function in type42/t42parse.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (application crash) or possibly execute arbitrary code via

negative size values for certain strings in FontType42 font files,

leading to a heap-based buffer overflow (CVE-2010-2806).

 

FreeType before 2.4.2 uses incorrect integer data types during bounds

checking, which allows remote attackers to cause a denial of service

(application crash) or possibly execute arbitrary code via a crafted

font file (CVE-2010-2807).

 

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (memory corruption and application crash) or possibly execute

arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)

font (CVE-2010-2808).

 

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause

a denial of service (application crash) via a crafted BDF font file,

related to an attempted modification of a value in a static string

(CVE-2010-3053).

 

Unspecified vulnerability in FreeType 2.3.9, and other versions

before 2.4.2, allows remote attackers to cause a denial of service

via vectors involving nested Standard Encoding Accented Character

(aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and

t1decode.c (CVE-2010-3054).

 

Packages for 2008.0 and 2009.0 are provided as of the Extended

Maintenance Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct these issues.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...