GLSA Advocate
Posted: Sun Jul 09, 2006 6:26 pm Post subject: [ GLSA 200607-02 ] FreeType: Multiple integer overflows
Gentoo Linux Security Advisory
Title: FreeType: Multiple integer overflows (GLSA 200607-02)
Severity: normal
Exploitable: remote
Date: July 09, 2006
Updated: September 03, 2006
Bug(s): #124828
ID: 200607-02
Synopsis
Multiple remotely exploitable buffer overflows have been discovered in FreeType, resulting in the execution of arbitrary code.
Background
FreeType is a portable font engine.
Affected Packages
Package: media-libs/freetype
Vulnerable: < 2.1.10-r2
Unaffected: >= 2.1.10-r2
Unaffected: < 2.0
Architectures: All supported architectures
Description
Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).
Impact
A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All FreeType users should upgrade to the latest stable version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2"
References
CVE-2006-1861
Last edited by GLSA on Mon Sep 04, 2006 4:17 am; edited 1 time in total
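Added example, not part of the advisory: a Python check of an installed media-libs/freetype version against the affected range listed under Affected Packages. It assumes plain dotted numeric versions with an optional -rN revision (the forms the advisory uses); the function names and the sample versions are constructed for illustration.

```python
import re

# Affected range as stated in the advisory for media-libs/freetype:
#   vulnerable:  < 2.1.10-r2
#   unaffected:  >= 2.1.10-r2, and anything < 2.0
FIXED = "2.1.10-r2"
UNAFFECTED_BELOW = "2.0"

# Assumption: only "X.Y.Z" with an optional "-rN" revision is supported.
# Other Gentoo version forms (_alpha, _p, letter suffixes, leading zeros)
# are rejected rather than compared incorrectly.
_VERSION_RE = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def parse_version(text):
    """Parse 'X.Y.Z[-rN]' into ((X, Y, Z), N); a missing revision is r0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    revision = int(match.group(2) or 0)
    return parts, revision


def is_vulnerable(installed):
    """True if the installed version falls inside the advisory's range."""
    version = parse_version(installed)
    return parse_version(UNAFFECTED_BELOW) <= version < parse_version(FIXED)


def classify(versions):
    """Map each version string to 'vulnerable' or 'unaffected'."""
    return {v: "vulnerable" if is_vulnerable(v) else "unaffected"
            for v in versions}


if __name__ == "__main__":
    # Constructed sample versions, not taken from the advisory.
    for version, status in classify(
            ["1.3.1", "2.0", "2.1.9-r3", "2.1.10", "2.1.10-r1",
             "2.1.10-r2", "2.2.1"]).items():
        print(f"media-libs/freetype-{version}: {status}")
```

On a Gentoo system, `glsa-check -t 200607-02` from gentoolkit performs the equivalent test against the installed package database.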