CVSS2 score: 7.5 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
FreeType: integer overflows. Several integer overflow flaws exist in the FreeType 2 font engine. If a user loaded a carefully crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e
git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog
lists.apple.com/archives/security-announce/2009/jun/msg00002.html
lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
lists.apple.com/archives/security-announce/2009/May/msg00002.html
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secunia.com/advisories/34723
secunia.com/advisories/34913
secunia.com/advisories/34967
secunia.com/advisories/35065
secunia.com/advisories/35074
secunia.com/advisories/35198
secunia.com/advisories/35200
secunia.com/advisories/35204
secunia.com/advisories/35210
secunia.com/advisories/35379
security.gentoo.org/glsa/glsa-200905-05.xml
sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
support.apple.com/kb/HT3549
support.apple.com/kb/HT3613
support.apple.com/kb/HT3639
support.apple.com/kb/HT4435
www.debian.org/security/2009/dsa-1784
www.mandriva.com/security/advisories?name=MDVSA-2009:243
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-0329.html
www.redhat.com/support/errata/RHSA-2009-1061.html
www.redhat.com/support/errata/RHSA-2009-1062.html
www.redhat.com/support/policy/soc/production/
www.securityfocus.com/bid/34550
www.ubuntu.com/usn/USN-767-1
www.us-cert.gov/cas/techalerts/TA09-133A.html
www.vupen.com/english/advisories/2009/1058
www.vupen.com/english/advisories/2009/1297
www.vupen.com/english/advisories/2009/1522
www.vupen.com/english/advisories/2009/1621
access.redhat.com/errata/RHSA-2009:0329
bugzilla.redhat.com/show_bug.cgi?id=491384
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10149