FreeType Multilpe Vulnerabilities
Last Update Date:
8 Mar 2012 12:14
Release Date:
8 Mar 2012
4362
Views
RISK: High Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities have been identified in FreeType, which can be exploited by malicious people to potentially compromise an application using the library.
- An error in src/type1/t1parse.c when processing dictionaries can be exploited to cause heap-based memory corruption via a specially crafted Type1 font file.
- An error in src/bdf/bdflib.c when processing the encoding field can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.
- An error in src/winfonts/winfnt.c when processing the number of glyphs can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.
- An error in src/truetype/ttgload.c when handling the zone2 pointer point can be exploited to cause heap-based memory corruption via a specially crafted TrueType font file.
- An error in src/bdf/bdflib.c when processing negative encoding values can be exploited to cause heap-based memory corruption via a specially crafted Bitmap Distribution Format (BDF) font file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- FreeType 2.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Fixed in the GIT repository
Vulnerability Identifier
- CVE-2012-1126
- CVE-2012-1127
- CVE-2012-1128
- CVE-2012-1129
- CVE-2012-1130
- CVE-2012-1131
- CVE-2012-1132
- CVE-2012-1133
- CVE-2012-1134
- CVE-2012-1135
- CVE-2012-1136
- CVE-2012-1137
- CVE-2012-1138
- CVE-2012-1139
- CVE-2012-1140
- CVE-2012-1141
- CVE-2012-1142
- CVE-2012-1143
- CVE-2012-1144
Source
Related Link
Share with