Jump to content

Advisories MDVSA-2010:201: freetype2


paul
 Share

Recommended Posts

A vulnerability was discovered and corrected in freetype2:

 

Marc Schoenefeld found an input stream position error in the way

FreeType font rendering engine processed input file streams. If

a user loaded a specially-crafted font file with an application

linked against FreeType and relevant font glyphs were subsequently

rendered with the X FreeType library (libXft), it could cause the

application to crash or, possibly execute arbitrary code (integer

overflow leading to heap-based buffer overflow in the libXft library)

with the privileges of the user running the application. Different

vulnerability than CVE-2010-1797 (CVE-2010-3311).

 

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...