Google OSV record: DSA-2116-1 (osv.dev)
Published: Oct 04, 2010 - 12:00 a.m.

freetype - integer overflow


Marc Schoenefeld found an input stream position error in the way the
FreeType font rendering engine processes input file streams. If a user
loaded a specially crafted font file with an application linked against
FreeType, and the relevant font glyphs were subsequently rendered with
the X FreeType library (libXft), the application could crash or,
possibly, execute arbitrary code.

After the upgrade, all running applications and services that use
libfreetype6 should be restarted. In most cases, logging out and
in again should be enough. The script checkrestart from the
debian-goodies package or lsof may help to find out which
processes are still using the old version of libfreetype6.
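The lsof check described above, as an added example that is not part of the advisory or of debian-goodies: a small shell function that reads `lsof -n` output and lists processes whose mapped libfreetype.so.6 has been replaced on disk (dpkg unlinks the old file, so lsof reports it either with FD "DEL" or with a "(deleted)" suffix in the name). The column layout and the sample lines fed to it are assumptions based on standard lsof output.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that still map the
# old libfreetype6 after the package upgrade and therefore need a restart.
# Usage on a live system:  sudo lsof -n | stale_freetype_users
# Prints one "PID COMMAND" line per affected process.
stale_freetype_users() {
    awk '
        # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
        # After dpkg replaces the library, the old inode is unlinked; lsof then
        # reports the mapping with FD == "DEL" or appends "(deleted)" to NAME.
        $1 == "COMMAND" { next }                       # skip the header line
        $0 ~ /libfreetype\.so\.6/ && ($4 == "DEL" || $0 ~ /\(deleted\)/) {
            if (!(seen[$2]++)) print $2, $1            # one line per PID
        }
    '
}

# Convenience wrapper: list the processes, then show how many were found.
report_stale_freetype() {
    # lsof is expected on PATH; the caller normally needs root to see all processes
    stale="$(lsof -n 2>/dev/null | stale_freetype_users)"
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        printf '%s process(es) still use the old libfreetype6; restart them.\n' \
            "$(printf '%s\n' "$stale" | wc -l | tr -d ' ')"
    else
        echo "No running process maps a replaced libfreetype6."
    fi
}
```

The filter deliberately ignores processes whose libfreetype mapping points at a file that still exists, since those already loaded the upgraded copy.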

For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny4.

The testing distribution (squeeze) and the unstable distribution (sid)
are not affected by this problem.

We recommend that you upgrade your freetype packages.