{"result": {"cve": [{"id": "CVE-2007-2754", "type": "cve", "title": "CVE-2007-2754", "description": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.", "published": "2007-05-17T18:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2754", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-03T08:55:59"}], "oraclelinux": [{"id": "ELSA-2007-0403", "type": "oraclelinux", "title": "Moderate: freetype security update ", "description": " [2.1.9-6.el4]\n - Add freetype-2.1.9-ttf-overflow.patch\n - Resolves: #240574 ", "published": "2007-06-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-0403.html", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-04T11:16:55"}, {"id": "ELSA-2009-0329", "type": "oraclelinux", "title": "freetype security update", "description": "[2.1.9-10.el4.7]\n- Improve freetype-1.4pre-CVE-2008-1808.patch\n[2.1.9-9.el4.7]\n- Add freetype-2009-CVEs.patch (Fixes CVE-2009-0946)\n (Doesn't apply to freetype1)\n- Add freetype-1.4pre-CVE-2008-1808.patch\n (Corresponds to freetype-2.3.5-CVEs.patch)\n- Add freetype-pre1.4-ttf-overflow.patch\n (Corresponds to freetype-2.1.9-ttf-overflow.patch;\n freetype-2.2.1-bdf-overflow.patch doesn't apply to freetype1)\n- Add freetype-pre1.4-CVE-2006-1861-null-pointer.patch\n (Corresponds to freetype-2.1.9-CVE-2006-1861-null-pointer.patch;\n The rest of CVS-2006-1861 doesn't apply to freetype1)\n- Resolves: #484443\n[2.1.9-8.1.el4]\n- Update patches to remove fuzz, such that it builds again\n- In preparation to fix:\n- Resolves: #484443", "published": "2009-05-26T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2009-0329.html", "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "lastseen": "2016-09-04T11:16:48"}], "openvas": [{"id": "OPENVAS:65057", "type": "openvas", "title": "SLES9: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2-devel\n freetype2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016218 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65057", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:14:01"}, {"id": "OPENVAS:840016", "type": "openvas", "title": "Ubuntu Update for freetype vulnerability USN-466-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-466-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840016", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:13:53"}, {"id": "OPENVAS:1361412562310122697", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0403", "description": "Oracle Linux Local Security Checks ELSA-2007-0403", "published": "2015-10-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122697", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-24T12:52:42"}, {"id": "OPENVAS:830015", "type": "openvas", "title": "Mandriva Update for freetype2 MDKSA-2007:121 (freetype2)", "description": "Check for the Version of freetype2", "published": "2009-04-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830015", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-24T12:56:31"}, {"id": "OPENVAS:850084", "type": "openvas", "title": "SuSE Update for freetype2 SUSE-SA:2007:041", "description": "Check for the Version of freetype2", "published": "2009-01-28T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850084", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:13:47"}, {"id": "OPENVAS:861259", "type": "openvas", "title": "Fedora Update for freetype FEDORA-2007-0033", "description": "Check for the Version of freetype", "published": "2009-02-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861259", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:13:52"}, {"id": "OPENVAS:58300", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200705-22 (freetype)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200705-22.", "published": "2008-09-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58300", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-24T12:49:56"}, {"id": "OPENVAS:58851", "type": "openvas", "title": "FreeBSD Ports: freetype2", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58851", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:10:15"}, {"id": "OPENVAS:58466", "type": "openvas", "title": "Debian Security Advisory DSA 1334-1 (freetype)", "description": "The remote host is missing an update to freetype\nannounced via advisory DSA 1334-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58466", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-24T12:50:06"}, {"id": "OPENVAS:66004", "type": "openvas", "title": "SLES10: Security update for freetype2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n freetype2\n freetype2-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66004", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-07-02T21:13:49"}], "nessus": [{"id": "SOLARIS10_119812.NASL", "type": "nessus", "title": "Solaris 10 (sparc) : 119812-22", "description": "X11 6.6.2: FreeType patch.\nDate this patch was last updated by Sun : Apr/27/17", "published": "2007-02-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24371", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-04-28T18:47:09"}, {"id": "DEBIAN_DSA-1334.NASL", "type": "nessus", "title": "Debian DSA-1334-1 : freetype - integer overflow", "description": "A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.", "published": "2007-07-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25743", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:24:19"}, {"id": "SOLARIS8_124420.NASL", "type": "nessus", "title": "Solaris 8 (sparc) : 124420-04", "description": "X11 6.4.1: freetype2 patch.\nDate this patch was last updated by Sun : Aug/11/08", "published": "2007-02-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=24396", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:26:25"}, {"id": "REDHAT-RHSA-2007-0403.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 / 5 : freetype (RHSA-2007:0403)", "description": "Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nFreeType is a free, high-quality, portable font engine.\n\nAn integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754)\n\nUsers of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2007-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25476", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-12-30T02:17:13"}, {"id": "GENTOO_GLSA-200705-22.NASL", "type": "nessus", "title": "GLSA-200705-22 : FreeType: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200705-22 (FreeType: Buffer overflow)\n\n Victor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType.\n Workaround :\n\n There is no known workaround at this time.", "published": "2007-06-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25361", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:25:55"}, {"id": "FREEBSD_PKG_DE2FAB2D0A3711DCAAE200304881AC9A.NASL", "type": "nessus", "title": "FreeBSD : FreeType 2 -- Heap overflow vulnerability (de2fab2d-0a37-11dc-aae2-00304881ac9a)", "description": "Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.", "published": "2007-05-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25306", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:25:28"}, {"id": "SUSE_FREETYPE2-3746.NASL", "type": "nessus", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 3746)", "description": "This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)", "published": "2007-12-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29438", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:26:31"}, {"id": "SUSE_FREETYPE2-3744.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : freetype2 (freetype2-3744)", "description": "This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)", "published": "2007-10-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27228", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:23:30"}, {"id": "DEBIAN_DSA-1302.NASL", "type": "nessus", "title": "Debian DSA-1302-1 : freetype - integer overflow", "description": "A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.", "published": "2007-06-12T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=25464", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:23:49"}, {"id": "SUSE_FREETYPE2-3701.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : freetype2 (freetype2-3701)", "description": "This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)", "published": "2007-10-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=27227", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:24:09"}], "debian": [{"id": "DSA-1302", "type": "debian", "title": "freetype -- integer overflow", "description": "A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.\n\nFor the stable distribution (etch), this problem has been fixed in version 2.2.1-5+etch1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 2.2.1-6.\n\nWe recommend that you upgrade your freetype package.", "published": "2007-06-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1302", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-02T18:33:13"}], "ubuntu": [{"id": "USN-466-1", "type": "ubuntu", "title": "freetype vulnerability", "description": "Victor Stinner discovered that freetype did not correctly verify the \nnumber of points in a TrueType font. If a user were tricked into using \na specially crafted font, a remote attacker could execute arbitrary code \nwith user privileges.", "published": "2007-05-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-466-1", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-05-01T08:29:28"}], "centos": [{"id": "CESA-2007:0403-01", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0403-01\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013901.html\n\n**Affected packages:**\nfreetype\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-06-12T00:56:26", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013901.html", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-12-05T20:38:40"}, {"id": "CESA-2007:0403", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:0403\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013887.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013888.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013889.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013890.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013894.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013895.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013906.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-June/013907.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0403.html", "published": "2007-06-11T09:27:08", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-June/013887.html", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-12-05T19:57:59"}, {"id": "CESA-2009:0329", "type": "centos", "title": "freetype security update", "description": "**CentOS Errata and Security Advisory** CESA-2009:0329\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015887.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015888.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015932.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015934.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015936.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/015939.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\nfreetype-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-0329.html", "published": "2009-05-22T15:02:05", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/015887.html", "cvelist": ["CVE-2009-0946", "CVE-2008-1808", "CVE-2007-2754", "CVE-2006-1861"], "lastseen": "2016-12-05T19:58:07"}], "suse": [{"id": "SUSE-SA:2007:041", "type": "suse", "title": "remote code execution in freetype2", "description": "The TTF rendering library freetype2 was updated to fix an integer signedness bug when handling TTF images.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2007-07-04T13:46:33", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00003.html", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-04T12:07:54"}], "redhat": [{"id": "RHSA-2007:0403", "type": "redhat", "title": "(RHSA-2007:0403) Moderate: freetype security update", "description": "FreeType is a free, high-quality, portable font engine.\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TTF font files. If a user loaded a carefully crafted font file\nwith a program linked against FreeType, it could cause the application to\ncrash or execute arbitrary code. While it is uncommon for a user to\nexplicitly load a font file, there are several application file formats\nwhich contain embedded fonts that are parsed by FreeType. (CVE-2007-2754)\n\nUsers of FreeType should upgrade to these updated packages, which contain\na backported patch to correct this issue.", "published": "2007-06-11T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2007:0403", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-06-05T07:59:18"}, {"id": "RHSA-2009:0329", "type": "redhat", "title": "(RHSA-2009:0329) Important: freetype security update", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide both the FreeType 1 and FreeType 2\nfont engines.\n\nTavis Ormandy of the Google Security Team discovered several integer\noverflow flaws in the FreeType 2 font engine. If a user loaded a\ncarefully-crafted font file with an application linked against FreeType 2,\nit could cause the application to crash or, possibly, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2009-0946)\n\nChris Evans discovered multiple integer overflow flaws in the FreeType font\nengine. If a user loaded a carefully-crafted font file with an application\nlinked against FreeType, it could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the user running\nthe application. (CVE-2006-1861)\n\nAn integer overflow flaw was found in the way the FreeType font engine\nprocessed TrueType\u00ae Font (TTF) files. If a user loaded a carefully-crafted\nfont file with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2007-2754)\n\nA flaw was discovered in the FreeType TTF font-file format parser when the\nTrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user\nloaded a carefully-crafted font file with an application linked against\nFreeType, it could cause the application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2008-1808)\n\nThe CVE-2008-1808 flaw did not affect the freetype packages as distributed\nin Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType\nBCI support. A fix for this flaw has been included in this update as users\nmay choose to recompile the freetype packages in order to enable TrueType\nBCI support. Red Hat does not, however, provide support for modified and\nrecompiled packages.\n\nNote: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,\nand CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,\nand RHSA-2008:0556 respectively. This update provides corresponding\nupdates for the FreeType 1 font engine, included in the freetype packages\ndistributed in Red Hat Enterprise Linux 3 and 4.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.", "published": "2009-05-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2009:0329", "cvelist": ["CVE-2006-1861", "CVE-2007-2754", "CVE-2008-1808", "CVE-2009-0946"], "lastseen": "2017-07-24T12:58:01"}], "osvdb": [{"id": "OSVDB:36509", "type": "osvdb", "title": "FreeType truetype/ttgload.c TTF Image Handling Overflow", "description": "# No description provided by the source\n\n## References:\nSecurity Tracker: 1018088\n[Secunia Advisory ID:25353](https://secuniaresearch.flexerasoftware.com/advisories/25353/)\n[Secunia Advisory ID:25483](https://secuniaresearch.flexerasoftware.com/advisories/25483/)\n[Secunia Advisory ID:25609](https://secuniaresearch.flexerasoftware.com/advisories/25609/)\n[Secunia Advisory ID:25705](https://secuniaresearch.flexerasoftware.com/advisories/25705/)\n[Secunia Advisory ID:25810](https://secuniaresearch.flexerasoftware.com/advisories/25810/)\n[Secunia Advisory ID:25350](https://secuniaresearch.flexerasoftware.com/advisories/25350/)\n[Secunia Advisory ID:25808](https://secuniaresearch.flexerasoftware.com/advisories/25808/)\n[Secunia Advisory ID:26129](https://secuniaresearch.flexerasoftware.com/advisories/26129/)\n[Secunia Advisory ID:25894](https://secuniaresearch.flexerasoftware.com/advisories/25894/)\n[Secunia Advisory ID:25386](https://secuniaresearch.flexerasoftware.com/advisories/25386/)\n[Secunia Advisory ID:25463](https://secuniaresearch.flexerasoftware.com/advisories/25463/)\n[Secunia Advisory ID:25612](https://secuniaresearch.flexerasoftware.com/advisories/25612/)\n[Secunia Advisory ID:25905](https://secuniaresearch.flexerasoftware.com/advisories/25905/)\n[Secunia Advisory ID:25654](https://secuniaresearch.flexerasoftware.com/advisories/25654/)\nRedHat RHSA: RHSA-2007:0403\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-May/000191.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:121\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\nOther Advisory URL: http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html\nOther Advisory URL: http://www.trustix.org/errata/2007/0019/\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-466-1\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00095.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1302\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml\nOther Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00003.html\nOther Advisory URL: http://sourceforge.net/project/shownotes.php?release_id=518478&group_id=16768\nFrSIRT Advisory: ADV-2007-1894\nFrSIRT Advisory: ADV-2007-2229\n[CVE-2007-2754](https://vulners.com/cve/CVE-2007-2754)\nBugtraq ID: 24074\n", "published": "2007-05-22T12:03:42", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:36509", "cvelist": ["CVE-2007-2754"], "lastseen": "2017-04-28T13:20:32"}], "gentoo": [{"id": "GLSA-200705-22", "type": "gentoo", "title": "FreeType: Buffer overflow", "description": "### Background\n\nFreeType is a True Type Font rendering library. \n\n### Description\n\nVictor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FreeType users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.3.4-r2\"", "published": "2007-05-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200705-22", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-06T19:46:01"}, {"id": "GLSA-200707-02", "type": "gentoo", "title": "OpenOffice.org: Two buffer overflows", "description": "### Background\n\nOpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. \n\n### Description\n\nJohn Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the \"prdata\" tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenOffice.org users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/openoffice-2.2.1\"\n\nAll OpenOffice.org binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/openoffice-bin-2.2.1\"", "published": "2007-07-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200707-02", "cvelist": ["CVE-2007-0245", "CVE-2007-2754"], "lastseen": "2016-09-06T19:46:51"}, {"id": "GLSA-201006-01", "type": "gentoo", "title": "FreeType 1: User-assisted execution of arbitrary code", "description": "### Background\n\nFreeType is a True Type Font rendering library. \n\n### Description\n\nMultiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll FreeType 1 users should upgrade to an unaffected version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-1.4_pre20080316-r2\"\n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since May 27, 2009. It is likely that your system is already no longer affected by this issue.", "published": "2010-06-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201006-01", "cvelist": ["CVE-2007-2754", "CVE-2006-1861"], "lastseen": "2016-09-06T19:46:57"}], "freebsd": [{"id": "DE2FAB2D-0A37-11DC-AAE2-00304881AC9A", "type": "freebsd", "title": "FreeType 2 -- Heap overflow vulnerability", "description": "\n\nInteger signedness error in truetype/ttgload.c in Freetype 2.3.4 and\n earlier might allow remote attackers to execute arbitrary code via a\n crafted TTF image with a negative n_points value, which leads to an\n integer overflow and heap-based buffer overflow.\n\n", "published": "2007-04-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/de2fab2d-0a37-11dc-aae2-00304881ac9a.html", "cvelist": ["CVE-2007-2754"], "lastseen": "2016-09-26T17:25:02"}]}}