Debian: DSA-2105-1 Critical: FreeType Multiple Buffer Overflows DoS

September 7, 2010
Urgent security notice for the freetype package on Debian, highlighting several vulnerabilities in font processing that require immediate attention.

Summary

Several vulnerabilities have been discovered in the FreeType font
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2010-1797

Multiple stack-based buffer overflows in the
cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
interpreter in cff/cffgload.c in FreeType allow remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via crafted CFF opcodes in embedded fonts in a PDF
document, as demonstrated by JailbreakMe.

CVE-2010-2541

Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2805

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does
not properly validate certain position values, which allows remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a c...

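As an added illustration (not FreeType's code and not part of the advisory), the kind of position/length validation a frame-entering routine like the one described for CVE-2010-2805 needs: the overflow-prone check beside a hardened one. `font_stream`, `enter_frame_naive`, `enter_frame_checked` and `try_frame` are assumed names for this constructed example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for a font stream: a byte buffer with a read
 * position. Not FreeType's FT_Stream; the field names are assumed. */
typedef struct {
    const uint8_t *base;
    size_t         size;
    size_t         pos;
    const uint8_t *cursor;  /* start of the current frame */
    const uint8_t *limit;   /* one past the end of the current frame */
} font_stream;

/* Naive check: pos + count can wrap around, so a crafted count near
 * SIZE_MAX passes the test and the frame runs past the buffer. */
bool enter_frame_naive(font_stream *s, size_t count) {
    if (s->pos + count > s->size)      /* addition may overflow */
        return false;
    s->cursor = s->base + s->pos;
    s->limit  = s->cursor + count;
    return true;
}

/* Hardened check: validate the position first, then compare count
 * against the bytes that remain, so nothing is added that can wrap. */
bool enter_frame_checked(font_stream *s, size_t count) {
    if (s->pos > s->size)              /* position already past the end */
        return false;
    if (count > s->size - s->pos)      /* frame exceeds remaining data */
        return false;
    s->cursor = s->base + s->pos;
    s->limit  = s->cursor + count;
    return true;
}

/* Helper: run either check on a constructed stream of `size` bytes with
 * the read position at `pos`, returning whether the frame was accepted. */
bool try_frame(size_t size, size_t pos, size_t count, bool hardened) {
    static const uint8_t buf[64] = {0};  /* constructed sample data */
    font_stream s = { buf, size, pos, NULL, NULL };
    return hardened ? enter_frame_checked(&s, count)
                    : enter_frame_naive(&s, count);
}
```

With a 16-byte stream positioned at offset 8, the naive check wrongly accepts a frame of SIZE_MAX bytes because the sum wraps, while the hardened check rejects it and anything beyond the 8 bytes that remain.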

Severity: critical

Package: freetype
