Users of FreeType2 please be advised of Multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
MDVSA-2010:236: [MDVSA-2010:236] freetype2
Problem Description:
Multiple vulnerabilities were discovered and corrected in freetype2:
An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to
cause a crash and potentially execute arbitrary code via a specially
crafted font (CVE-2010-3814).
An error exists in the "ft_var_readpackedpoints()" function in
src/truetype/ttgxvar.c when processing TrueType GX fonts and can
be exploited to cause a heap-based buffer overflow via a specially
crafted font (CVE-2010-3855).
Read more at www.criticalwatch.com
See this Amp at http://bit.ly/c8BJes
No comments:
Post a Comment