CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
FreeType is vulnerable to denial of service (DoS). An invalid memory management flaw was found in the way the FreeType font engine processed font files. If a user loaded a carefully crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
marc.info/?l=oss-security&m=127905701201340&w=2
marc.info/?l=oss-security&m=127909326909362&w=2
secunia.com/advisories/48951
securitytracker.com/id?1024266
support.apple.com/kb/HT4435
www.debian.org/security/2010/dsa-2070
www.mandriva.com/security/advisories?name=MDVSA-2010:137
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0578.html
www.ubuntu.com/usn/USN-963-1
access.redhat.com/errata/RHSA-2010:0578
bugzilla.redhat.com/show_bug.cgi?id=613160
savannah.nongnu.org/bugs/?30106