paul

Advisories MDVSA-2010:236: freetype2


Multiple vulnerabilities were discovered and corrected in freetype2:

An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font (CVE-2010-3814).

An error exists in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font (CVE-2010-3855).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
