FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

freetype -- LWFN Files Buffer Overflow Vulnerability

Affected packages
freetype2 < 2.1.10_5

Details

VuXML ID b975763f-5210-11db-8f1a-000a48049292
Discovery 2006-07-10
Entry 2006-10-02

SecurityTracker reports:

A vulnerability was reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted font file that, when loaded by the target user's system, will trigger an integer underflow or integer overflow and crash the application or execute arbitrary code on the target system.

Chris Evans reported these vulnerabilities.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

[source]

References

Bugtraq ID 18034
CVE Name CVE-2006-0747
CVE Name CVE-2006-1861
CVE Name CVE-2006-3467
URL http://securitytracker.com/alerts/2006/Jul/1016522.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.