From: "Ware, Ryan R" <ryan.r.ware@intel.com>
To: "meego-security@meego.com" <meego-security@meego.com>
Subject: [MeeGo-security] [MeeGo-SA-10:31.freetype] Multiple Vulnerabilities in Freetype
Date: Thu, 20 Jan 2011 11:26:21 -0700
Message-ID: <64CC18B2-56C2-4F0E-9063-A64F2DB839B7@intel.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
MeeGo-SA-10:31.freetype Security Advisory
MeeGo Project
Topic: Multiple Vulnerabilities in Freetype
Category: Graphics
Module: freetype
Announced: October 9, 2010
Affects: MeeGo 1.0
Corrected: October 9, 2010
MeeGo BID: 5897, 5904, 5907, 5908, 5910, 5911, 5923, 5925, 5931,
5934, 5984, 5990 & 5993
CVE: CVE-2010-2497, CVE-2010-2498, CVE-2010-2499,
CVE-2010-2519, CVE-2010-2500, CVE-2010-2520, CVE-2010-2527,
CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808,
CVE-2010-2541, CVE-2010-3053 & CVE-2010-3054
For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.
I. Background
The FreeType engine is a free and portable font rendering
engine, developed to provide advanced font support for a variety of
platforms and environments. FreeType is a library which can open and
manage font files as well as efficiently load, hint and render
individual glyphs. FreeType is not a font server or a complete
text-rendering library.
II. Problem Description
CVE-2010-2497: Integer underflow in glyph handling in FreeType before
2.4.0 allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2498: The psh_glyph_find_strong_points function in
pshinter/pshalgo.c in FreeType before 2.4.0 does not properly
implement hinting masks, which allows remote attackers to cause a
denial of service (heap memory corruption and application crash) or
possibly execute arbitrary code via a crafted font file that triggers
an invalid free operation.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2499: Buffer overflow in the Mac_Read_POST_Resource function
in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted LaserWriter PS font file with an embedded
PFB fragment.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2519: Heap-based buffer overflow in the
Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before
2.4.0 allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
length value in a POST fragment header in a font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2500: Integer overflow in the gray_render_span function in
smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2520: Heap-based buffer overflow in the Ins_IUP function in
truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode
support is enabled, allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted font file.
CVSS v2 Base: 5.1 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2527: Multiple buffer overflows in demo programs in FreeType
before 2.4.0 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2805: The FT_Stream_EnterFrame function in base/ftstream.c in
FreeType before 2.4.2 does not properly validate certain position
values, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2806: Array index error in the t42_parse_sfnts function in
type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via negative size values for certain strings in
FontType42 font files, leading to a heap-based buffer overflow.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2807: FreeType before 2.4.2 uses incorrect integer data types
during bounds checking, which allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a crafted font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2808: Buffer overflow in the Mac_Read_POST_Resource function
in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font
File (aka LWFN) font.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-2541: Buffer overflow in ftmulti.c in the ftmulti demo
program in FreeType before 2.4.2 allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a crafted font file.
CVSS v2 Base: 6.8 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-3053: bdf/bdflib.c in FreeType before 2.4.2 allows remote
attackers to cause a denial of service (application crash) via a
crafted BDF font file, related to an attempted modification of a value
in a static string.
CVSS v2 Base: 4.3 (MEDIUM)
Access Vector: Network exploitable; Victim must voluntarily interact
with attack mechanism
CVE-2010-3054: Unspecified vulnerability in FreeType 2.3.9, and other
versions before 2.4.2, allows remote attackers to cause a denial of
service via vectors involving nested Standard Encoding Accented
Character (aka seac) calls, related to psaux.h, cffgload.c,
cffgload.h, and t1decode.c.
CVSS v2 Base: 5.0 (MEDIUM)
Access Vector: Network exploitable
III. Impact
CVE-2010-2497: Unauthorized disclosure of information, modification
or disruption of service due to numeric errors (CWE-189)
CVE-2010-2498: Unauthorized disclosure of information, modification
or disruption of service due to resource management errors (CWE-399)
CVE-2010-2499: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2519: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2500: Unauthorized disclosure of information, modification
or disruption of service due to numeric errors (CWE-189)
CVE-2010-2520: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2527: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2805: Unauthorized disclosure of information, modification
or disruption of service due to input validation errors (CWE-20)
CVE-2010-2806: Unauthorized disclosure of information, modification
or disruption of service due to resource management errors (CWE-399)
CVE-2010-2807: Unauthorized disclosure of information, modification
or disruption of service due to numeric errors (CWE-189)
CVE-2010-2808: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-2541: Unauthorized disclosure of information, modification
or disruption of service due to buffer errors (CWE-119)
CVE-2010-3053: Unauthorized disclosure of information, modification
or disruption of service due to input validation errors (CWE-20)
CVE-2010-3054: Disruption of service
IV. Workaround
None
V. Solution
Update to package freetype-2.4.2-15.1 or later.
VI. References
http://bugs.meego.com/show_bug.cgi?id=5897
http://bugs.meego.com/show_bug.cgi?id=5904
http://bugs.meego.com/show_bug.cgi?id=5907
http://bugs.meego.com/show_bug.cgi?id=5908
http://bugs.meego.com/show_bug.cgi?id=5910
http://bugs.meego.com/show_bug.cgi?id=5911
http://bugs.meego.com/show_bug.cgi?id=5923
http://bugs.meego.com/show_bug.cgi?id=5925
http://bugs.meego.com/show_bug.cgi?id=5931
http://bugs.meego.com/show_bug.cgi?id=5934
http://bugs.meego.com/show_bug.cgi?id=5984
http://bugs.meego.com/show_bug.cgi?id=5990
http://bugs.meego.com/show_bug.cgi?id=5993
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/189.html
http://cwe.mitre.org/data/definitions/399.html
http://cwe.mitre.org/data/definitions/119.html
http://cwe.mitre.org/data/definitions/20.html
_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security