Posted: Sun Jul 09, 2006 6:26 pm Post subject: [ GLSA 200607-02 ] FreeType: Multiple integer overflows
Gentoo Linux Security Advisory
Title: FreeType: Multiple integer overflows (GLSA 200607-02)
Date: July 09, 2006
Updated: September 03, 2006
Multiple remotely exploitable buffer overflows have been discovered in FreeType, resulting in the execution of arbitrary code.
FreeType is a portable font engine.
Vulnerable: < 2.1.10-r2
Unaffected: >= 2.1.10-r2
Unaffected: < 2.0
Architectures: All supported architectures
Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).
A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code.
There is no known workaround at this time.
All FreeType users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2"
Last edited by GLSA on Mon Sep 04, 2006 4:17 am; edited 1 time in total
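The affected ranges above can be checked mechanically. The following is an added example, not part of the advisory or of Gentoo's tooling: it classifies a media-libs/freetype version string against the ranges stated in this GLSA. The function names are hypothetical, the sample versions are constructed, and only dotted numeric versions with an optional -rN revision are assumed.

```shell
#!/bin/sh
# Added example: classify a freetype version against GLSA 200607-02
# (vulnerable: < 2.1.10-r2; unaffected: >= 2.1.10-r2 or < 2.0).
# Assumption: versions are dotted numbers without leading zeros plus an
# optional -rN revision; anything else (_rc, _pre, letters) is "unknown".

# ver_lt A B: succeed when version A sorts strictly before version B.
ver_lt() {
    a=${1%-r*}; b=${2%-r*}; ar=0; br=0
    case $1 in *-r*) ar=${1##*-r} ;; esac
    case $2 in *-r*) br=${2##*-r} ;; esac
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # A missing component sorts before any present one (2.0 < 2.0.0).
        [ "${x:--1}" -lt "${y:--1}" ] && return 0
        [ "${x:--1}" -gt "${y:--1}" ] && return 1
    done
    # Same upstream version: the -rN revision decides.
    [ "$ar" -lt "$br" ]
}

# freetype_status VERSION: print vulnerable, unaffected or unknown.
freetype_status() {
    if ! printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*(-r[0-9]+)?$'; then
        echo unknown
    elif ver_lt "$1" 2.0 || ! ver_lt "$1" 2.1.10-r2; then
        echo unaffected
    else
        echo vulnerable
    fi
}

# Constructed sample versions, not read from a real system.
for v in 1.3.1 2.1.9-r1 2.1.10 2.1.10-r2 2.2.1 2.1.10_rc1; do
    printf '%-12s %s\n' "$v" "$(freetype_status "$v")"
done
```

On a Gentoo system the installed version is the suffix of the freetype-* directory under /var/db/pkg/media-libs/. An "unknown" result means the version string falls outside what this comparison handles and should be checked by hand.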