Bug 173438

Summary: media-fonts/freetype < 2.3.3 Integer overflow (CVE-2007-1351)
Product: Gentoo Security
Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: flameeyes, fonts, foser
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/24768/
Whiteboard: A3 [ebuild] p-y
Package list:
Runtime testing required: ---
Bug Depends on: 172575    
Bug Blocks:    

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:30:34 UTC
A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow when parsing BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.

The vulnerability is reported in versions prior to 2.3.3.

fonts, please advise.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:34:05 UTC
setting status and CC'ing maintainer.
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-04-05 09:39:18 UTC
I think Ryan took freetype2 over.
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2007-04-06 21:32:32 UTC

*** This bug has been marked as a duplicate of bug 172577 ***