FreeType src/pshinter/pshglob.c:psh_blues_set_zones_0() Function Integer Overflow

2006-06-11T09:03:54
ID OSVDB:34169
Type osvdb
Reporter Josh Bressers, Chris Evans (scarybeasts@gmail.com)
Modified 2006-06-11T09:03:54

Description

Solution Description

Upgrade to version 2.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.freetype.org/
Vendor Specific News/Changelog Entry: https://bugs.freedesktop.org/show_bug.cgi?id=7535
Secunia Advisory IDs: 20100, 21567, 21626, 22332, 22875, 21062, 21285, 21606, 21701, 21798, 22027, 23400, 27271, 21135, 21144, 21446, 21450, 21566, 21793, 21836, 21232, 22907, 23939
Related OSVDB IDs: 27255, 34170
RedHat RHSA: RHSA-2006:0635, RHSA-2006:0500, RHSA-2006:0634
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Aug/0002.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-04.xml
Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
Other Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:129
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0211.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0212.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0213.html
Keywords: VMSA-2006-0005, VMSA-2006-0007, VMSA-2006-0008, VMSA-2006-0006
Generic Exploit URL: http://scary.beasts.org/security/CESA-2006-001.html
CVE-2006-3467