‫ FreeType Multiple Vulnerabilities

IRCAD2012031770
ID: IRCAD2012031770
Release Date: 2012-03-07
Criticality level: Highly critical
 
Software:
FreeType 2.x
 
Description:
Multiple vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.
1) An error in src/type1/t1parse.c when processing dictionaries can be exploited to cause heap-based memory corruption via a specially crafted Type1 font file.
2) An error in src/bdf/bdflib.c when processing the encoding field can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.
3) An error in src/winfonts/winfnt.c when processing the number of glyphs can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.
4) An error in src/truetype/ttgload.c when handling the zone2 pointer point can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.
5) An error in src/bdf/bdflib.c when processing negative encoding values can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
NOTE: Additionally, some errors exist when processing various font files, which may result in an access violation and crash the application.
 
Solution
Fixed in the GIT repository.
 
References:
 
Secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 17 اسفند 1390

امتیاز

امتیاز شما
تعداد امتیازها:0