Bug 179161 - media-libs/freetype Integer signedness error (CVE-2007-2754)
Bug#: 179161 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: 
Summary: media-libs/freetype Integer signedness error (CVE-2007-2754)
Keywords:  
Status Whiteboard: A2? [glsa] jaervosz
Opened: 2007-05-19 22:20 0000
Description:   Opened: 2007-05-19 22:20 0000 
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and
earlier might allow remote attackers to execute arbitrary code via a
crafted TTF image with a negative n_points value, which leads to an
integer overflow and heap-based buffer overflow.

------- Comment #1 From Ryan Hill 2007-05-20 07:07:27 0000 ------- 
freetype-2.3.4-r2 is in the tree with the patch from upstream.

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-05-20 07:14:12 0000 ------- 
Thx Ryan.

Arches please test and mark stable. Target keywords are:

freetype-2.3.4-r2.ebuild:KEYWORDS="alpha amd64 ~arm hppa ia64 ~m68k ~mips ppc
ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"

------- Comment #3 From Jeroen Roovers 2007-05-20 16:41:00 0000 ------- 
Stable for HPPA.

------- Comment #4 From Raúl Porcel 2007-05-20 16:43:18 0000 ------- 
alpha/ia64/x86 stable

------- Comment #5 From Christian Faulhammer 2007-05-21 07:19:36 0000 ------- 
amd64 stable

------- Comment #6 From Gustavo Zacarias (RETIRED) 2007-05-21 13:02:56 0000 ------- 
sparc stable.

------- Comment #7 From Tobias Scherbaum 2007-05-21 19:57:43 0000 ------- 
ppc stable

------- Comment #8 From Markus Rothe 2007-05-22 05:34:22 0000 ------- 
ppc64 stable

------- Comment #9 From Joshua Kinard 2007-05-27 00:25:48 0000 ------- 
mips stable.

------- Comment #10 From Raphael Marichez 2007-05-30 19:46:44 0000 ------- 
GLSA 200705-22