Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:157: freetype2

Recommended Posts

Multiple vulnerabilities has been found and corrected in freetype2:

 

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType

before 2.4.2 does not properly validate certain position values, which

allows remote attackers to cause a denial of service (application

crash) or possibly execute arbitrary code via a crafted font file

(CVE-2010-2805).

 

Array index error in the t42_parse_sfnts function in type42/t42parse.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (application crash) or possibly execute arbitrary code via

negative size values for certain strings in FontType42 font files,

leading to a heap-based buffer overflow (CVE-2010-2806).

 

FreeType before 2.4.2 uses incorrect integer data types during bounds

checking, which allows remote attackers to cause a denial of service

(application crash) or possibly execute arbitrary code via a crafted

font file (CVE-2010-2807).

 

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c

in FreeType before 2.4.2 allows remote attackers to cause a denial of

service (memory corruption and application crash) or possibly execute

arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)

font (CVE-2010-2808).

 

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause

a denial of service (application crash) via a crafted BDF font file,

related to an attempted modification of a value in a static string

(CVE-2010-3053).

 

The updated packages have been patched to correct these issues.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...