
Bug 345843 (CVE-2010-3814)

Summary: <media-libs/freetype-2.4.3-r2: Arbitrary Code Execution Vulnerability (CVE-2010-3814)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: bugsgentoo, fonts
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-11-17 05:39:10 UTC
It looks like there is another publicly disclosed vulnerability in upstream's version 2.4.3. From a Mandriva security alert:

" An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
 when handling the "SHZ" bytecode instruction can be exploited to
 cause a crash and potentially execute arbitrary code via a specially
 crafted font (CVE-2010-3814)."

Upstream commit at $URL.
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2010-11-18 01:52:15 UTC
2.4.3-r2 committed.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-11-18 01:55:39 UTC
Thank you.

Arches, please test and mark stable:
=media-libs/freetype-2.4.3-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-11-18 13:00:26 UTC
x86 stable
Comment 4 Markus Meier gentoo-dev 2010-11-19 15:15:11 UTC
arm stable
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2010-11-19 20:03:15 UTC
amd64 done
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-11-20 12:18:38 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2010-11-23 17:56:58 UTC
Stable for HPPA PPC.
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-11-28 14:28:50 UTC
ppc64 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-11-28 15:22:39 UTC
GLSA with bug 342121.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:33:23 UTC
CVE-2010-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814):
  Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType
  2.4.3 and earlier allows remote attackers to execute arbitrary code or cause
  a denial of service (application crash) via a crafted SHZ bytecode
  instruction, related to TrueType opcodes, as demonstrated by a PDF document
  with a crafted embedded font.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:48 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml
by GLSA coordinator Sean Amoss (ackle).