فا

‫ FreeType PostScript Type1 Font Parsing Vulnerability

IRCAD2011071294
ID:IRCAD2011071294
Release Date: 2011-07-08
Criticality level: Highly critical
Software:
FreeType 2.x
Description:
A vulnerability has been reported in FreeType, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the "t1_decoder_parse_charstrings()" function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially crafted PostScript Type1 font in an application using the library.
The vulnerability is reported in version 2.4.5. Other versions may also be affected.
Solution
Do not open untrusted documents or fonts.
References:
Original Advisory
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 25 بهمن 1390

امتیاز

امتیاز شما
تعداد امتیازها: 0