en

‫ FreeType PostScript Type1 Font Parsing Vulnerability

IRCAD2011071294
ID:IRCAD2011071294
Release Date: 2011-07-08
Criticality level: Highly critical
Software:
FreeType 2.x
Description:
A vulnerability has been reported in FreeType, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error within the "t1_decoder_parse_charstrings()" function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially crafted PostScript Type1 font in an application using the library.
The vulnerability is reported in version 2.4.5. Other versions may also be affected.
Solution
Do not open untrusted documents or fonts.
References:
Original Advisory
Secunia:

The Wall

No comments
You need to sign in to comment