Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 173438 - media-fonts/freetype < 2.3.3 Integer overflow (CVE-2007-1351)
Summary: media-fonts/freetype < 2.3.3 Integer overflow (CVE-2007-1351)
Status: RESOLVED DUPLICATE of bug 172577
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [ebuild] p-y
Depends on: 172575
  Show dependency tree
Reported: 2007-04-05 09:30 UTC by Pierre-Yves Rofes (RETIRED)
Modified: 2007-04-06 21:32 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:30:34 UTC
A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow when parsing BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.

The vulnerability is reported in versions prior to 2.3.3.

fonts, please advise.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-04-05 09:34:05 UTC
setting status and CC'ing maintainer.
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2007-04-05 09:39:18 UTC
I think Ryan took freetype2 over.
Comment 3 Ryan Hill (RETIRED) gentoo-dev 2007-04-06 21:32:32 UTC

*** This bug has been marked as a duplicate of bug 172577 ***