LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2010-2805 CVE-2010-2806 CVE-2010-2807 CVE-2010-2808
Created:August 13, 2010 Updated:January 20, 2011
Description:

From the Pardus advisory:

CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808: Memory corruption flaws were found in the way FreeType font rendering engine processed certain Adobe Type 1 Mac Font File (LWFN) fonts. An attacker could use this flaw to create a specially-crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code.

Alerts:
MeeGo MeeGo-SA-10:31 2010-10-09
Red Hat RHSA-2010:0864-02 2010-11-10
Fedora FEDORA-2010-15785 2010-10-05
CentOS CESA-2010:0736 2010-10-05
CentOS CESA-2010:0737 2010-10-04
Red Hat RHSA-2010:0736-01 2010-10-04
Debian DSA-2105-1 2010-09-07
SUSE SUSE-SR:2010:016 2010-08-26
openSUSE openSUSE-SU-2010:0549-1 2010-08-25
Fedora FEDORA-2010-15705 2010-10-05
Mandriva MDVSA-2010:157 2010-08-22
Mandriva MDVSA-2010:156 2010-08-22
Ubuntu USN-972-1 2010-08-17
Pardus 2010-114 2010-08-12
CentOS CESA-2010:0737 2010-10-05
Red Hat RHSA-2010:0737-01 2010-10-04
Gentoo 201201-09 2012-01-23
SUSE SUSE-SU-2012:0553-1 2012-04-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds