Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 342121 (CVE-2010-3855) - <media-libs/freetype-2.4.3-r1: Heap Overflow Vulnerability via Crafted Font (CVE-2010-3855)
Summary: <media-libs/freetype-2.4.3-r1: Heap Overflow Vulnerability via Crafted Font (...
Alias: CVE-2010-3855
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2010-10-22 06:35 UTC by Tim Sammut (RETIRED)
Modified: 2012-01-23 20:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-10-22 06:35:03 UTC
Upstream commit at $url.

From the Secunia advisory at

A vulnerability has been reported in FreeType, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library.

The vulnerability is caused due to an error in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted font.

The vulnerability is reported in version 2.4.3. Other versions may also be affected.
Comment 1 Ryan Hill (RETIRED) gentoo-dev 2010-10-23 02:38:32 UTC
Patch applied in 2.4.3-r1.  2.4.3 was in the middle of stabilization so I'll close bug #341845 and we'll do it here.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-10-23 04:39:59 UTC
Great, thank you, Ryan.

Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2010-10-23 12:57:19 UTC
ok for me on amd64
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2010-10-23 13:20:16 UTC
amd64 done. Thanks Agostino
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-10-23 14:39:19 UTC
Stable for HPPA.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2010-10-23 16:43:26 UTC
alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable
Comment 7 Brent Baude (RETIRED) gentoo-dev 2010-10-24 23:48:37 UTC
ppc done
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2010-10-26 00:18:42 UTC
ppc64 done
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2010-10-26 00:37:09 UTC
Thanks folks, GLSA request filed. 
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2010-11-19 06:22:04 UTC
This is CVE-2010-3855.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-06-24 19:52:16 UTC
CVE-2010-3855 (
  Buffer overflow in the ft_var_readpackedpoints function in
  truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to
  cause a denial of service (application crash) or possibly execute arbitrary
  code via a crafted TrueType GX font.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2012-01-23 20:35:43 UTC
This issue was resolved and addressed in
 GLSA 201201-09 at
by GLSA coordinator Sean Amoss (ackle).