Lucene search
SuseSUSE-SA:2006:037HistoryJun 27, 2006 - 12:24 p.m.
remote code execution in freetype2, freetype2-devel
2006-06-2712:24:46
lists.opensuse.org
17
0.402 Medium
EPSS
Percentile
96.9%
The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system. The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data.
Solution
No work-around known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 10.1 | x86_64 | freetype2-devel-32bit | < 2.1.10-18.3 | freetype2-devel-32bit-2.1.10-18.3.x86_64.rpm |
| openSUSE | 10.1 | x86_64 | freetype2 | < 2.1.10-18.3 | freetype2-2.1.10-18.3.x86_64.rpm |
| openSUSE | 9.2 | i586 | freetype2 | < 2.1.9-3.2 | freetype2-2.1.9-3.2.i586.rpm |
| openSUSE | 9.2 | x86_64 | freetype2 | < 2.1.9-3.2 | freetype2-2.1.9-3.2.x86_64.rpm |
| openSUSE | 10.1 | ppc | freetype2-devel | < 2.1.10-18.3 | freetype2-devel-2.1.10-18.3.ppc.rpm |
| openSUSE | 10.0 | i586 | freetype2 | < 2.1.10-4.2 | freetype2-2.1.10-4.2.i586.rpm |
| openSUSE | 10.0 | i586 | freetype2-devel | < 2.1.10-4.2 | freetype2-devel-2.1.10-4.2.i586.rpm |
| openSUSE | 10.1 | x86_64 | freetype2-devel | < 2.1.10-18.3 | freetype2-devel-2.1.10-18.3.x86_64.rpm |
| openSUSE | 9.3 | i586 | freetype2-devel | < 2.1.9-4.2 | freetype2-devel-2.1.9-4.2.i586.rpm |
| openSUSE | 10.0 | x86_64 | freetype2-32bit | < 2.1.10-4.2 | freetype2-32bit-2.1.10-4.2.x86_64.rpm |
Related
nessus
nessus
Ubuntu 5.04 / 5.10 / 6.06 LTS : freetype vulnerabilities (USN-291-1)
2007-11-10 00:00:00
Mandrake Linux Security Advisory : freetype2 (MDKSA-2006:099-1)
2006-06-16 00:00:00
CentOS 3 / 4 : freetype (CESA-2006:0500)
2006-07-19 00:00:00
osv
osv
freetype - integer overflows
2006-06-10 00:00:00
debian
debian
[SECURITY] [DSA 1095-1] New freetype packages fix several vulnerabilities
2006-06-10 05:22:33
redhat
redhat
(RHSA-2006:0500) freetype security update
2006-07-18 00:00:00
(RHSA-2009:1062) Important: freetype security update
2009-05-22 00:00:00
(RHSA-2009:0329) Important: freetype security update
2009-05-22 00:00:00
centos
centos
freetype security update
2006-07-18 22:54:54
freetype security update
2006-07-18 12:29:16
freetype security update
2009-05-22 14:02:05
openvas
openvas
Debian Security Advisory DSA 1095-1 (freetype)
2008-01-17 00:00:00
Ubuntu: Security Advisory (USN-291-1)
2022-08-26 00:00:00
Debian: Security Advisory (DSA-1095-1)
2008-01-17 00:00:00
ubuntu
ubuntu
FreeType vulnerabilities
2006-06-08 00:00:00
oraclelinux
oraclelinux
Moderate: freetype security update
2007-04-16 00:00:00
freetype security update
2009-05-26 00:00:00
freebsd
freebsd
freetype -- LWFN Files Buffer Overflow Vulnerability
2006-07-10 00:00:00
prion
prion
Design/Logic Flaw
2006-05-30 19:02:00
Integer overflow
2006-05-23 10:06:00
Integer overflow
2006-05-23 10:06:00
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
gentoo
gentoo
FreeType: Multiple integer overflows
2006-07-09 00:00:00
NX 2.1: User-assisted execution of arbitrary code
2007-10-09 00:00:00
FreeType 1: User-assisted execution of arbitrary code
2010-06-01 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:37
slackware
slackware
[slackware-security] x11
2006-07-26 21:25:09
fedora
fedora
[SECURITY] Fedora 11 Update: freetype1-1.4-0.8.pre.fc11
2009-05-28 08:17:11
[SECURITY] Fedora 10 Update: freetype1-1.4-0.8.pre.fc10
2009-05-28 08:01:17
securityvulns
securityvulns
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00