Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 179161 - media-libs/freetype Integer signedness error (CVE-2007-2754)
Summary: media-libs/freetype Integer signedness error (CVE-2007-2754)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL:
Whiteboard: A2? [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-19 22:20 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-05-30 19:46 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-19 22:20:15 UTC 
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and
earlier might allow remote attackers to execute arbitrary code via a
crafted TTF image with a negative n_points value, which leads to an
integer overflow and heap-based buffer overflow.
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2007-05-20 07:07:27 UTC 
freetype-2.3.4-r2 is in the tree with the patch from upstream.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-05-20 07:14:12 UTC 
Thx Ryan.

Arches please test and mark stable. Target keywords are:

freetype-2.3.4-r2.ebuild:KEYWORDS="alpha amd64 ~arm hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2007-05-20 16:41:00 UTC 
Stable for HPPA.
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-05-20 16:43:18 UTC 
alpha/ia64/x86 stable
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-05-21 07:19:36 UTC 
amd64 stable
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2007-05-21 13:02:56 UTC 
sparc stable.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-05-21 19:57:43 UTC 
ppc stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2007-05-22 05:34:22 UTC 
ppc64 stable
Comment 9 Joshua Kinard gentoo-dev 2007-05-27 00:25:48 UTC 
mips stable.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-05-30 19:46:44 UTC 
GLSA 200705-22