FreeType Multiple Vulnerabilities
11-22-2010
Some vulnerabilities have been reported in FreeType, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library.
A heap-based buffer overflow was found in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts.
If a user opened a specially crafted TrueType GX font file with an application compiled against the FreeType library, it could cause a denial of service (application crash) or potentially execute arbitrary code with the privileges of the user running that application.
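The bug class described above, as an added illustration that is not FreeType's code: a bounds-checked decoder for a gvar-style packed point-number list, modeled on the kind of structure the advisory's function parses. The encoding layout assumed here, the sample byte strings and every function name are constructed for this example. The defensive point is that the output array is sized from the declared point count while the writes are driven by the per-run lengths, so each run must be checked against the declared count (and against the input length) before anything is written.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Bounds-checked decoder for a packed point-number list (simplified,
 * assumed encoding; NOT FreeType's ft_var_readpackedpoints()):
 *   count : one byte, or two bytes big-endian if bit 7 of the first is set
 *   runs  : control byte c -> (c & 0x7F) + 1 deltas, 16-bit if (c & 0x80)
 *           else 8-bit; point numbers are the running sum of the deltas
 *
 * Returns the number of points written, or -1 if the input is truncated,
 * declares more points than `capacity`, or contains a run that would push
 * the total past the declared count. A decoder that trusts the run counts
 * and writes each run unconditionally overruns an array sized from `count`.
 */
static int read_packed_points(const uint8_t *buf, size_t len,
                              uint16_t *out, size_t capacity)
{
    size_t pos = 0, n, j = 0;
    uint16_t point = 0;

    if (len < 1) return -1;
    n = buf[pos++];
    if (n & 0x80) {
        if (pos >= len) return -1;
        n = ((n & 0x7F) << 8) | buf[pos++];
    }
    if (n > capacity) return -1;               /* caller's array too small */

    while (j < n) {
        uint8_t ctl;
        size_t run, k;
        if (pos >= len) return -1;             /* truncated before a run */
        ctl = buf[pos++];
        run = (size_t)(ctl & 0x7F) + 1;
        if (j + run > n) return -1;            /* run exceeds declared count */
        for (k = 0; k < run; k++) {
            if (ctl & 0x80) {
                if (pos + 2 > len) return -1;  /* truncated 16-bit delta */
                point += (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
                pos += 2;
            } else {
                if (pos >= len) return -1;     /* truncated 8-bit delta */
                point += buf[pos++];
            }
            out[j++] = point;
        }
    }
    return (int)j;
}

/* Sum of run lengths with no check against the declared count: the number
 * of entries an unchecked decoder would try to store. Writes nothing; it
 * only shows how far a malformed list overshoots. -1 on truncation. */
static long runs_total(const uint8_t *buf, size_t len)
{
    size_t pos = 0, n, j = 0;
    if (len < 1) return -1;
    n = buf[pos++];
    if (n & 0x80) {
        if (pos >= len) return -1;
        n = ((n & 0x7F) << 8) | buf[pos++];
    }
    while (j < n) {
        uint8_t ctl;
        size_t run;
        if (pos >= len) return -1;
        ctl = buf[pos++];
        run = (size_t)(ctl & 0x7F) + 1;
        pos += run * ((ctl & 0x80) ? 2 : 1);
        if (pos > len) return -1;
        j += run;                              /* no comparison with n */
    }
    return (long)j;
}

/* Constructed sample inputs (not from any real font). */
static const uint8_t GOOD[]    = { 0x03, 0x02, 0x01, 0x02, 0x03 };             /* 3 pts: 1,3,6 */
static const uint8_t WIDE[]    = { 0x02, 0x81, 0x01, 0x00, 0x00, 0x10 };       /* 2 pts: 256,272 */
static const uint8_t OVERRUN[] = { 0x02, 0x04, 0x01, 0x02, 0x03, 0x04, 0x05 }; /* declares 2, run of 5 */
static const uint8_t TRUNC[]   = { 0x04, 0x03, 0x01 };                         /* declares 4, data ends */

int demo_good_count(void)        { uint16_t p[8]; return read_packed_points(GOOD, sizeof GOOD, p, 8); }
int demo_good_last_point(void)   { uint16_t p[8]; int n = read_packed_points(GOOD, sizeof GOOD, p, 8); return n > 0 ? p[n - 1] : -1; }
int demo_wide_first_point(void)  { uint16_t p[8]; int n = read_packed_points(WIDE, sizeof WIDE, p, 8); return n > 0 ? p[0] : -1; }
int demo_overrun_rejected(void)  { uint16_t p[2]; return read_packed_points(OVERRUN, sizeof OVERRUN, p, 2); }
long demo_overrun_naive_writes(void) { return runs_total(OVERRUN, sizeof OVERRUN); }
int demo_truncated_rejected(void){ uint16_t p[4]; return read_packed_points(TRUNC, sizeof TRUNC, p, 4); }
int demo_capacity_rejected(void) { uint16_t p[2]; return read_packed_points(GOOD, sizeof GOOD, p, 2); }

int main(void)
{
    printf("good: %d points, last = %d\n", demo_good_count(), demo_good_last_point());
    printf("wide: first point = %d\n", demo_wide_first_point());
    printf("overrun: checked decoder -> %d, unchecked would write %ld into an array of 2\n",
           demo_overrun_rejected(), demo_overrun_naive_writes());
    printf("truncated -> %d, undersized array -> %d\n",
           demo_truncated_rejected(), demo_capacity_rejected());
    return 0;
}
```

The OVERRUN sample declares two points but carries a single run of five; the checked decoder rejects it, while runs_total() shows an unchecked loop would store five entries into a two-entry heap array, which is the shape of fault the advisory describes.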
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manage font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
The vulnerabilities are reported in version 2.4.3. Other versions may also be affected.
Solution
Fixed in the Git repository.
This update can be installed with the "yum" update program. Use su -c 'yum update freetype' at the command line.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
More - https://bugzilla.redhat.com/show_bug.cgi?id=645275
Remember, we listen to you! Any comments/suggestions should be sent to info@serverbuddies.com.