Advisories (MDKSA-2006:099-1 ): freetype2

aru · June 14, 2006

Mandriva Advisories MDKSA-2006:099-1 : freetype2

Updated freetype2 packages fixes multiple vulnerabilities.

June 13th, 2006

Integer underflow in Freetype before 2.2 allows remote attackers to cause

a denial of service (crash) via a font file with an odd number of blue

values, which causes the underflow when decrementing by 2 in a context

that assumes an even number of values. (CVE-2006-0747)

Multiple integer overflows in FreeType before 2.2 allow remote attackers to

cause a denial of service (crash) and possibly execute arbitrary code via

attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c,

(3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file

in base/ftmac.c. (CVE-2006-1861)

Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial

of service (crash) via a crafted font file that triggers a null dereference.

(CVE-2006-2661)

In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious

bug in ttkern.c that caused some programs to go into an infinite loop when

dealing with fonts that don't have a properly sorted kerning sub-table.

This patch is not applicable to the earlier Mandriva releases.

Update:

The previous update introduced some issues with other applications and

libraries linked to libfreetype, that were missed in testing for the

vulnerabilty issues. The new packages correct these issues.

The released versions of Mandriva GNU/Linux affected are:

Full information about this advisory, including the updated packages, is available at:

Other references:

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)

Recommended Posts