[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security/ http://www.openpkg.org
openpkg-security@xxxxxxxxxxx openpkg@xxxxxxxxxxx
OpenPKG-SA-2006.017 28-Jul-2006
________________________________________________________________________
Package: freetype
Vulnerability: denial of service, arbitrary code execution
OpenPKG Specific: no
Affected Releases: Affected Packages: Corrected Packages:
OpenPKG CURRENT N.A. N.A.
OpenPKG 2-STABLE N.A. N.A.
OpenPKG 2.5-RELEASE <= freetype-2.1.10-2.5.0 >= freetype-2.1.10-2.5.1
Description:
Multiple security issues exist in the FreeType [1] font rendering
library before version 2.2:
An integer overflow allows remote attackers to cause a Denial of
Service (DoS) and possibly execute arbitrary code via unknown vectors,
as demonstrated by the Red Hat "bad1.pcf" test file, due to a partial
fix of CVE-2006-1861. The Common Vulnerabilities and Exposures (CVE)
project assigned the id CVE-2006-3467 [2] to the problem.
Remote attackers can cause a Denial of Service (DoS) via a specially
crafted font file that triggers a NULL dereference. The Common
Vulnerabilities and Exposures (CVE) project assigned the id
CVE-2006-2661 [3] to the problem.
Multiple integer overflows allow remote attackers to cause a
Denial of Service (DoS) and possibly execute arbitrary code. The
Common Vulnerabilities and Exposures (CVE) project assigned the
id CVE-2006-1861 [4] to the problem. Parts of this issue the
Common Vulnerabilities and Exposures (CVE) project assigned the id
CVE-2006-2493, which is now rejected.
Integer underflow allows remote attackers to cause a Denial of Service
(DoS) via a specially crafted font file with an odd number of "blue"
values, which causes the underflow when decrementing by 2 in a context
that assumes an even number of values. The Common Vulnerabilities
and Exposures (CVE) project assigned the id CVE-2006-0747 [5] to the
problem.
An additional flaw causes some programs to go into an infinite loop
and this way cause a Denial of Service (DoS) when dealing with fonts
that don't have a properly sorted kerning sub-table.
________________________________________________________________________
References:
[1] http://www.freetype.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>
iD8DBQFEyfw3gHWT4GPEy58RAiB1AKDKGX5q6ovQuoQXjnV9KY3jvCLJNgCgxCdg
difG4d5DnORPqstdPAUejm8=
=hbbe
-----END PGP SIGNATURE-----