7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Tavis Ormandy discovered several integer overflows in FreeType, a library
to process and access font files, resulting in heap- or stack-based
buffer overflows leading to application crashes or the execution
of arbitrary code via a crafted font file.
For the oldstable distribution (etch), this problem has been fixed in
version 2.2.1-5+etch4.
For the stable distribution (lenny), this problem has been fixed in
version 2.3.7-2+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.3.9-4.1.
We recommend that you upgrade your freetype packages.