Summary: | <media-libs/freetype-2.4.3-r2: Arbitrary Code Execution Vulnerability (CVE-2010-3814) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | bugsgentoo, fonts |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0edf0986f3be570f5bf90ff245a85c1675f5c9a4 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-11-17 05:39:10 UTC
2.4.3-r2 committed. Thank you. Arches, please test and mark stable: =media-libs/freetype-2.4.3-r2 Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" x86 stable arm stable amd64 done alpha/ia64/m68k/s390/sh/sparc stable Stable for HPPA PPC. ppc64 done GLSA with bug 342121. CVE-2010-3814 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814): Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font. This issue was resolved and addressed in GLSA 201201-09 at http://security.gentoo.org/glsa/glsa-201201-09.xml by GLSA coordinator Sean Amoss (ackle). |