FreeType: Arbitrary Code Execution Vulnerability

Users of FreeType, please be advised that an arbitrary code execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

USN-1013-1: FreeType vulnerabilities
Details follow:

Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311)

Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814)

Read more at http://www.criticalwatch.com

 
