Mageia alert MGASA-2012-0369 (freetype2)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0369: freetype2-2.4.9-1.1.mga2 (2/core, tainted)
Date:  Thu, 27 Dec 2012 23:51:33 +0100
Message-ID:  <20121227225133.GA4826@valstar.mageia.org>

MGASA-2012-0369

Date: December 27th, 2012
Affected releases: 2

Description:
A null pointer dereference flaw was found in the way the FreeType font
rendering engine handled Glyph Bitmap Distribution Format (BDF) fonts. A
remote attacker could provide a specially-crafted BDF font file which,
once processed in an application linked against FreeType, would cause
that application to crash (CVE-2012-5668).

An out-of-bounds heap-based buffer read flaw was found in the way the
FreeType font rendering engine parsed glyph information and the relevant
bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A remote
attacker could provide a specially-crafted BDF font file which, once
opened in an application linked against FreeType, would cause that
application to crash (CVE-2012-5669).

An out-of-bounds heap-based buffer write flaw was found in the way the
FreeType font rendering engine parsed glyph information and the relevant
bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A remote
attacker could provide a specially-crafted font file which, once opened
in an application linked against FreeType, would cause that application
to crash or, potentially, lead to arbitrary code execution with the
privileges of the user running the application (CVE-2012-5670).

Updated Packages:
freetype2-demos-2.4.9-1.1.mga2
lib(64)freetype6-2.4.9-1.1.mga2
lib(64)freetype6-devel-2.4.9-1.1.mga2
lib(64)freetype6-static-devel-2.4.9-1.1.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5670
http://www.openwall.com/lists/oss-security/2012/12/25/2
https://bugzilla.redhat.com/show_bug.cgi?id=890087
https://bugzilla.redhat.com/show_bug.cgi?id=890088
https://bugzilla.redhat.com/show_bug.cgi?id=890094
https://bugs.mageia.org/show_bug.cgi?id=8497
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds