remote code execution in freetype2, freetype2-devel

2006-06-27T12:24:46
ID SUSE-SA:2006:037
Type suse
Reporter Suse
Modified 2006-06-27T12:24:46

Description

The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system. The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data.

Solution

No work-around known.