Bug 179161

Summary:	media-libs/freetype Integer signedness error (CVE-2007-2754)
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	bernd, chainsaw, fonts
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	A2? [glsa] jaervosz
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-19 22:20:15 UTC

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and
earlier might allow remote attackers to execute arbitrary code via a
crafted TTF image with a negative n_points value, which leads to an
integer overflow and heap-based buffer overflow.

Comment 1 Ryan Hill (RETIRED) gentoo-dev

2007-05-20 07:07:27 UTC

freetype-2.3.4-r2 is in the tree with the patch from upstream.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-20 07:14:12 UTC

Thx Ryan.

Arches please test and mark stable. Target keywords are:

freetype-2.3.4-r2.ebuild:KEYWORDS="alpha amd64 ~arm hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2007-05-20 16:41:00 UTC

Stable for HPPA.

Comment 4 Raúl Porcel (RETIRED) gentoo-dev

2007-05-20 16:43:18 UTC

alpha/ia64/x86 stable

Comment 5 Christian Faulhammer (RETIRED) gentoo-dev

2007-05-21 07:19:36 UTC

amd64 stable

Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev

2007-05-21 13:02:56 UTC

sparc stable.

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2007-05-21 19:57:43 UTC

ppc stable

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2007-05-22 05:34:22 UTC

ppc64 stable

Comment 9 Joshua Kinard gentoo-dev

2007-05-27 00:25:48 UTC

mips stable.

Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-05-30 19:46:44 UTC

GLSA 200705-22