freetype2: multiple vulnerabilities

Package(s): freetype2
CVE #(s): CVE-2012-5668 CVE-2012-5669 CVE-2012-5670
Created: December 28, 2012
Updated: April 8, 2013
Description:

From the Mageia advisory:

A null pointer de-reference flaw was found in the way FreeType font rendering engine handled Glyph bitmap distribution format (BDF) fonts. A remote attacker could provide a specially-crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).

An out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).

An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670).

Alerts:
Mageia MGASA-2012-0369 2012-12-27
Ubuntu USN-1686-1 2013-01-14
Slackware SSA:2013-015-01 2013-01-15
openSUSE openSUSE-SU-2013:0165-1 2013-01-23
openSUSE openSUSE-SU-2013:0177-1 2013-01-23
openSUSE openSUSE-SU-2013:0189-1 2013-01-23
Red Hat RHSA-2013:0216-01 2013-01-31
CentOS CESA-2013:0216 2013-01-31
CentOS CESA-2013:0216 2013-02-01
Mandriva MDVSA-2013:006 2013-02-01
Oracle ELSA-2013-0216 2013-02-01
Oracle ELSA-2013-0216 2013-02-01
Scientific Linux SL-free-20130201 2013-02-01
Fedora FEDORA-2013-1492 2013-02-05
Fedora FEDORA-2013-1466 2013-02-12
Mandriva MDVSA-2013:039 2013-04-05

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds