New freetype packages: integer overflow vulnerability | Vulnerability Managment Blog

Hide threads | Keyboard Shortcuts

vulnerability management 8:54 am on October 9, 2010 Permalink Reply
Tags: critical watch ( 900 ), freetype ( 9 ), marc schoenefeld ( 2 ), security advisories ( 695 ), vulnerability ( 725 ), vulnerability management ( 512 ), x freetype

New freetype packages: integer overflow vulnerability

Users of FreeType please be advised of a New packages integer overflow vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from http://www.criticalwatch.com

DSA-2116-1: [DSA-2116-1] New freetype packages integer overflow

Marc Schoenefeld has found an input stream position error in the

way the FreeType font rendering engine processed input file streams.

If a user loaded a specially-crafted font file with an application

linked against FreeType and relevant font glyphs were subsequently

rendered with the X FreeType library (libXft), it could cause the

application to crash or, possibly execute arbitrary code.

Read more at http://www.criticalwatch.com

See this Amp at http://bit.ly/a9ajKW

Reply Cancel reply

c: Compose new post
j: Next post/Next comment
k: Previous post/Previous comment
r: Reply
e: Edit
o: Show/Hide comments
t: Go to top
l: Go to login
h: Show/Hide help
shift + esc: Cancel