Veracode Vulnerability DatabaseVERACODE:24205Arbitrary Code Execution
EPSS
Percentile
89.6%
freetype is vulnerable to arbitrary code execution. The vulnerability exists as a stack-based buffer overflow flaw was found in the way the FreeType font rendering engine processed some PostScript Type 1 fonts. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
References
freetype.sourceforge.net/index2.html#release-freetype-2.4.2
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
marc.info/?l=oss-security&m=128110167119337&w=2
marc.info/?l=oss-security&m=128111955616772&w=2
secunia.com/advisories/40816
secunia.com/advisories/40982
secunia.com/advisories/42314
secunia.com/advisories/42317
sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
support.apple.com/kb/HT4435
support.apple.com/kb/HT4456
support.apple.com/kb/HT4457
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0864.html
www.securityfocus.com/bid/42285
www.ubuntu.com/usn/USN-972-1
www.vupen.com/english/advisories/2010/2018
www.vupen.com/english/advisories/2010/2106
www.vupen.com/english/advisories/2010/3045
www.vupen.com/english/advisories/2010/3046
access.redhat.com/errata/RHSA-2010:0737
access.redhat.com/errata/RHSA-2010:0864
access.redhat.com/security/cve/CVE-2010-2808
bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
bugzilla.redhat.com/show_bug.cgi?id=621907
rhn.redhat.com/errata/RHSA-2010-0737.html
savannah.nongnu.org/bugs/?30658
Related
