Several vulnerabilities have been discovered in the FreeType font
library. The Common Vulnerabilities and Exposures project identifies the
following problems:
- CVE-2010-1797
Multiple stack-based buffer overflows in the
cff_decoder_parse_charstrings function in the CFF Type2 CharStrings
interpreter in cff/cffgload.c in FreeType allow remote attackers to
execute arbitrary code or cause a denial of service (memory
corruption) via crafted CFF opcodes in embedded fonts in a PDF
document, as demonstrated by JailbreakMe.
- CVE-2010-2541
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file.
- CVE-2010-2805
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does
not properly validate certain position values, which allows remote
attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted font file.
- CVE-2010-2806
Array index error in the t42_parse_sfnts function in
type42/t42parse.c in FreeType allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via negative size values for certain strings in FontType42 font
files, leading to a heap-based buffer overflow.
- CVE-2010-2807
FreeType uses incorrect integer data types during bounds checking,
which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
- CVE-2010-2808
Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType allows remote attackers to cause a denial
of service (memory corruption and application crash) or possibly
execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka
LWFN) font.
- CVE-2010-3053
bdf/bdflib.c in FreeType allows remote attackers to cause a denial of
service (application crash) via a crafted BDF font file, related to
an attempted modification of a value in a static string.

For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny3.

For the unstable distribution (sid) and the testing distribution
(squeeze), these problems have been fixed in version 2.4.2-1.

We recommend that you upgrade your freetype package.
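
The bug class described under CVE-2010-2806 and CVE-2010-2807 (a negative size value passing a bounds check done in a signed integer type) is shown below next to a hardened check. This is an added illustration, not code from FreeType or from this advisory; BUF_CAP and all function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64  /* constructed destination size, not a FreeType constant */

/* Flawed check: size is a signed value read from the font file. A negative
 * size compares as smaller than the remaining space, so the check passes;
 * a later memcpy() would convert it to a huge size_t. Only the decision is
 * returned here, no copy is performed. */
static int check_signed(long size, long used)
{
    return size <= BUF_CAP - used;          /* -1 <= 64 is true */
}

/* Hardened check: reject negative values first, then compare in an
 * unsigned type against the space that is actually left. */
static int check_hardened(long size, size_t used)
{
    if (size < 0 || used > BUF_CAP)
        return 0;
    return (size_t)size <= BUF_CAP - used;
}

/* Append one string of declared length `size` from src (src_len bytes
 * available) to dst at offset *used. Returns 0 on success, -1 if the
 * declared size is negative, exceeds the input, or does not fit. */
static int append_string(unsigned char *dst, size_t *used,
                         const unsigned char *src, size_t src_len, long size)
{
    if (!check_hardened(size, *used) || (size_t)size > src_len)
        return -1;
    memcpy(dst + *used, src, (size_t)size);
    *used += (size_t)size;
    return 0;
}

int main(void)
{
    unsigned char dst[BUF_CAP];
    const unsigned char src[] = "constructed sample string";
    size_t used = 0;

    printf("signed check accepts size -1: %d\n", check_signed(-1, 0));
    printf("hardened append with size -1: %d\n",
           append_string(dst, &used, src, sizeof src, -1));
    return 0;
}
```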