Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Debian: DSA-2105-1 Critical: FreeType Multiple Buffer Overflows DoS

debian
Calendar Grey September 7, 2010
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several vulnerabilities have been discovered in the FreeType font library

Summary


Several vulnerabilities have been discovered in the FreeType font
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-1797

Multiple stack-based buffer overflows in the
cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
interpreter in cff/cffgload.c in FreeType allow remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via crafted CFF opcodes in embedded fonts in a PDF
document, as demonstrated by JailbreakMe.

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does
not properly validate certain position values, which allows remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a c...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: freetype

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.