Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 345843 (CVE-2010-3814) - <media-libs/freetype-2.4.3-r2: Arbitrary Code Execution Vulnerability (CVE-2010-3814)
Summary: <media-libs/freetype-2.4.3-r2: Arbitrary Code Execution Vulnerability (CVE-20...
Alias: CVE-2010-3814
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2010-11-17 05:39 UTC by Tim Sammut (RETIRED)
Modified: 2012-01-23 20:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-11-17 05:39:10 UTC
It looks like there is another publicly disclosed vulnerability in upstream's version 2.4.3. From a Mandriva security alert:

" An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
 when handling the "SHZ" bytecode instruction can be exploited to
 cause a crash and potentially execute arbitrary code via a specially
 crafted font (CVE-2010-3814)."

Upstream commit at $URL.
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2010-11-18 01:52:15 UTC
2.4.3-r2 committed.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-11-18 01:55:39 UTC
Thank you.

Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 3 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-11-18 13:00:26 UTC
x86 stable
Comment 4 Markus Meier gentoo-dev 2010-11-19 15:15:11 UTC
arm stable
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2010-11-19 20:03:15 UTC
amd64 done
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-11-20 12:18:38 UTC
alpha/ia64/m68k/s390/sh/sparc stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2010-11-23 17:56:58 UTC
Stable for HPPA PPC.
Comment 8 Brent Baude (RETIRED) gentoo-dev 2010-11-28 14:28:50 UTC
ppc64 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-11-28 15:22:39 UTC
GLSA with bug 342121.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:33:23 UTC
CVE-2010-3814 (
  Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType
  2.4.3 and earlier allows remote attackers to execute arbitrary code or cause
  a denial of service (application crash) via a crafted SHZ bytecode
  instruction, related to TrueType opcodes, as demonstrated by a PDF document
  with a crafted embedded font.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:48 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at
by GLSA coordinator Sean Amoss (ackle).