New freetype packages: integer overflow vulnerability
Users of FreeType please be advised of a New packages integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from http://www.criticalwatch.com
DSA-2116-1: [DSA-2116-1] New freetype packages integer overflow
Marc Schoenefeld has found an input stream position error in the
way the FreeType font rendering engine processed input file streams.
If a user loaded a specially-crafted font file with an application
linked against FreeType and relevant font glyphs were subsequently
rendered with the X FreeType library (libXft), it could cause the
application to crash or, possibly execute arbitrary code.
Read more at http://www.criticalwatch.com
See this Amp at http://bit.ly/a9ajKW
Reply