
Bug 342121 (CVE-2010-3855)

Summary: <media-libs/freetype-2.4.3-r1: Heap Overflow Vulnerability via Crafted Font (CVE-2010-3855)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: bugsgentoo, fonts
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-10-22 06:35:03 UTC
Upstream commit at $url.

From the Secunia advisory at http://secunia.com/advisories/41738/:

Description
A vulnerability has been reported in FreeType, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library.

The vulnerability is caused due to an error in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted font.

The vulnerability is reported in version 2.4.3. Other versions may also be affected.
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2010-10-23 02:38:32 UTC
Patch applied in 2.4.3-r1.  2.4.3 was in the middle of stabilization so I'll close bug #341845 and we'll do it here.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-10-23 04:39:59 UTC
Great, thank you, Ryan.

Arches, please test and mark stable:
=media-libs/freetype-2.4.3-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2010-10-23 12:57:19 UTC
ok for me on amd64
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-10-23 13:20:16 UTC
amd64 done. Thanks Agostino
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-10-23 14:39:19 UTC
Stable for HPPA.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-10-23 16:43:26 UTC
alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-10-24 23:48:37 UTC
ppc done
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2010-10-26 00:18:42 UTC
ppc64 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-10-26 00:37:09 UTC
Thanks folks, GLSA request filed.
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:22:04 UTC
This is CVE-2010-3855.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:52:16 UTC
CVE-2010-3855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855):
  Buffer overflow in the ft_var_readpackedpoints function in
  truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to
  cause a denial of service (application crash) or possibly execute arbitrary
  code via a crafted TrueType GX font.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:43 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).