Bug 173438 - media-fonts/freetype < 2.3.3 Integer overflow (CVE-2007-1351)
Summary: media-fonts/freetype < 2.3.3 Integer overflow (CVE-2007-1351)
Status: RESOLVED DUPLICATE of bug 172577
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/24768/
Whiteboard: A3 [ebuild] p-y
Keywords:
Depends on: 172575
Blocks:
Reported: 2007-04-05 09:30 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-04-06 21:32 UTC

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:30:34 UTC
A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow when parsing BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.

The vulnerability is reported in versions prior to 2.3.3.

fonts, please advise.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:34:05 UTC
setting status and CC'ing maintainer.
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-04-05 09:39:18 UTC
I think Ryan took freetype2 over.
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2007-04-06 21:32:32 UTC

*** This bug has been marked as a duplicate of bug 172577 ***