Summary: | <media-libs/freetype-2.3.9-r1 Multiple integer overflows (CVE-2009-0946)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: | A2 [glsa]
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
CC: | fonts, gentoo, please.no.spam.here, rhill
Runtime testing required: | ---
Description
Robert Buchholz (RETIRED)
2009-03-19 12:55:20 UTC
This is still lacking CVE id and upstream approval for the patch provided by Tavis. Reproducers are available.

Created attachment 185509
freetype-2.3.8-sec.diff

This is now public. Patches are here:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0a05ba257b6ddd87dacf8d54b626e4b360e0a596
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5

CVE-2009-0946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0946): Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

Created attachment 190235
freetype-2.3.9-CVE-2009-0946.patch

freetype-2.3.9-r1 added to tree

Arches, please test and mark stable:
=media-libs/freetype-2.3.9-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

ppc64 done

ppc done

amd64 stable

x86 stable

Stable for HPPA.

alpha/arm/ia64/m68k/s390/sh/sparc stable

GLSA request filed.

GLSA 200905-05

Does this bug also affect freetype-1.4? I still need this for texlive, but it doesn't appear to have been patched.