freetype2 -- multiple vulnerabilities

2009-04-16T00:00:00
ID 20B4F284-2BFC-11DE-BDEB-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-04-16T00:00:00

Description

Secunia reports:

Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to potentially compromise an application using the library. An integer overflow error within the "cff_charset_compute_cids()" function in cff/cffload.c can be exploited to potentially cause a heap-based buffer overflow via a specially crafted font. Multiple integer overflow errors within validation functions in sfnt/ttcmap.c can be exploited to bypass length validations and potentially cause buffer overflows via specially crafted fonts. An integer overflow error within the "ft_smooth_render_generic()" function in smooth/ftsmooth.c can be exploited to potentially cause a heap-based buffer overflow via a specially crafted font.