Monday, October 18, 2010

freetype2: code execution vulnerability

Users of freetype2 please be advised of a code execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MDVSA-2010:201: [MDVSA-2010:201] freetype2 code execution
Problem Description:



A vulnerability was discovered and corrected in freetype2:



Marc Schoenefeld found an input stream position error in the way

FreeType font rendering engine processed input file streams. If

a user loaded a specially-crafted font file with an application

linked against FreeType and relevant font glyphs were subsequently

rendered with the X FreeType library (libXft), it could cause the

application to crash or, possibly execute arbitrary code (integer

overflow leading to heap-based buffer overflow in the libXft library)

with the privileges of the user running the application. Different

vulnerability than CVE-2010-1797 (CVE-2010-3311).
Read more at www.criticalwatch.com
 

No comments:

Post a Comment