FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeType 2 -- Heap overflow vulnerability

Affected packages
freetype2 < 2.2.1_2

Details

VuXML ID de2fab2d-0a37-11dc-aae2-00304881ac9a
Discovery 2007-04-27
Entry 2007-05-24

Integer signedness error in truetype/ttgload.c in FreeType 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
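The bug class described above, as an added illustration that is not FreeType's ttgload.c code: a signed 16-bit point count passes an upper-bound-only check while negative and then wraps when converted to an allocation size. The limits, the `struct point` layout, the function names and the sample bytes are assumptions constructed for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_POINTS   1000  /* constructed limit, not FreeType's */
#define EXTRA_POINTS 4     /* assumption: loader reserves a few extra slots */

struct point { int32_t x, y; };  /* hypothetical point record, 8 bytes */

/* Constructed 2-byte big-endian fields: 0xFF9C is -100 when read as signed. */
static const unsigned char CRAFTED[2] = { 0xFF, 0x9C };
static const unsigned char BENIGN[2]  = { 0x00, 0x10 };

/* Decode a signed 16-bit big-endian field without relying on casts. */
int16_t read_s16_be(const unsigned char *p)
{
    int v = (p[0] << 8) | p[1];
    if (v >= 0x8000) v -= 0x10000;
    return (int16_t)v;
}

/* Weak: only the upper bound is tested, so every negative count passes and
   the conversion to size_t wraps it into a size unrelated to the file. */
int size_weak(int16_t n_points, size_t *out)
{
    if (n_points > MAX_POINTS) return -1;
    *out = ((size_t)n_points + EXTRA_POINTS) * sizeof(struct point);
    return 0;
}

/* Hardened: reject negative and oversized counts before any arithmetic. */
int size_checked(int16_t n_points, size_t *out)
{
    if (n_points < 0 || n_points > MAX_POINTS) return -1;
    *out = ((size_t)n_points + EXTRA_POINTS) * sizeof(struct point);
    return 0;
}

int main(void)
{
    size_t sz = 0;
    int16_t n = read_s16_be(CRAFTED);
    printf("n_points=%d weak=%d", n, size_weak(n, &sz));
    printf(" size=%zu checked=%d\n", sz, size_checked(n, &sz));
    return 0;
}
```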

References

CVE Name CVE-2007-2754
FreeBSD PR ports/112769
Message http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html
URL http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200