FreeType BDF Glyph Processing Buffer Overflow Vulnerability

IRCAD2012122387
 
ID: IRCAD2012122387
Release Date: 2012-12-26
Criticality level: Highly critical
 
Software:
FreeType 2.x
 
Description:
A vulnerability has been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.
The vulnerability is caused by an error in the "_bdf_parse_glyphs()" function (src/bdf/bdflib.c) when processing glyph information in Bitmap Distribution Format (BDF) files. It can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 2.4.11.
 
Solution:
Update to version 2.4.11.
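
To confirm which FreeType build a host or a bundled application copy actually loads, the library can be asked for its own version and compared against the fixed release. This is an added example, not part of the advisory or the FreeType project; the function names are hypothetical, and it assumes a FreeType shared library that `ctypes` can locate or a path you supply.

```python
import ctypes
import ctypes.util

FIXED = (2, 4, 11)  # first fixed release, per the advisory


def is_affected(version):
    """True if a (major, minor, patch) FreeType version is 2.x and older than 2.4.11."""
    major, minor, patch = version
    # The advisory covers FreeType 2.x only; other major versions are out of scope.
    return major == 2 and (major, minor, patch) < FIXED


def loaded_freetype_version(path=None):
    """Ask the FreeType shared library itself for its version.

    `path` is an explicit library file (for example a copy bundled with an
    application); by default the system library is looked up by name.
    """
    path = path or ctypes.util.find_library("freetype")
    if path is None:
        raise OSError("no FreeType shared library found")
    ft = ctypes.CDLL(path)
    int_p = ctypes.POINTER(ctypes.c_int)
    ft.FT_Init_FreeType.argtypes = [ctypes.POINTER(ctypes.c_void_p)]
    ft.FT_Init_FreeType.restype = ctypes.c_int
    ft.FT_Library_Version.argtypes = [ctypes.c_void_p, int_p, int_p, int_p]
    ft.FT_Library_Version.restype = None
    ft.FT_Done_FreeType.argtypes = [ctypes.c_void_p]
    ft.FT_Done_FreeType.restype = ctypes.c_int

    handle = ctypes.c_void_p()
    if ft.FT_Init_FreeType(ctypes.byref(handle)) != 0:
        raise OSError("FT_Init_FreeType failed")
    try:
        major, minor, patch = ctypes.c_int(), ctypes.c_int(), ctypes.c_int()
        ft.FT_Library_Version(handle, ctypes.byref(major),
                              ctypes.byref(minor), ctypes.byref(patch))
        return (major.value, minor.value, patch.value)
    finally:
        ft.FT_Done_FreeType(handle)


if __name__ == "__main__":
    version = loaded_freetype_version()
    state = "AFFECTED, update to 2.4.11" if is_affected(version) else "not affected"
    print("FreeType %d.%d.%d: %s" % (version + (state,)))
```

Applications that ship their own FreeType copy need the check run against that file by passing its path, since updating the system package does not change a bundled library.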
 

 
Creation date: 9 Dey 1391
