<<< Date Index >>>     <<< Thread Index >>>

[OpenPKG-SA-2006.017] OpenPKG Security Advisory (freetype)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security/                  http://www.openpkg.org
openpkg-security@xxxxxxxxxxx                         openpkg@xxxxxxxxxxx
OpenPKG-SA-2006.017                                          28-Jul-2006
________________________________________________________________________

Package:             freetype
Vulnerability:       denial of service, arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:       Corrected Packages:
OpenPKG CURRENT      N.A.                     N.A.
OpenPKG 2-STABLE     N.A.                     N.A.
OpenPKG 2.5-RELEASE  <= freetype-2.1.10-2.5.0 >= freetype-2.1.10-2.5.1

Description:
  Multiple security issues exist in the FreeType [1] font rendering
  library before version 2.2:

  An integer overflow allows remote attackers to cause a Denial of
  Service (DoS) and possibly execute arbitrary code via unknown vectors,
  as demonstrated by the Red Hat "bad1.pcf" test file, due to a partial
  fix of CVE-2006-1861. The Common Vulnerabilities and Exposures (CVE)
  project assigned the id CVE-2006-3467 [2] to the problem.

  Remote attackers can cause a Denial of Service (DoS) via a specially
  crafted font file that triggers a NULL dereference. The Common
  Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-2661 [3] to the problem.

  Multiple integer overflows allow remote attackers to cause a
  Denial of Service (DoS) and possibly execute arbitrary code. The
  Common Vulnerabilities and Exposures (CVE) project assigned the
  id CVE-2006-1861 [4] to the problem. Parts of this issue the
  Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-2493, which is now rejected.

  Integer underflow allows remote attackers to cause a Denial of Service
  (DoS) via a specially crafted font file with an odd number of "blue"
  values, which causes the underflow when decrementing by 2 in a context
  that assumes an even number of values. The Common Vulnerabilities
  and Exposures (CVE) project assigned the id CVE-2006-0747 [5] to the
  problem.

  An additional flaw causes some programs to go into an infinite loop
  and this way cause a Denial of Service (DoS) when dealing with fonts
  that don't have a properly sorted kerning sub-table.
________________________________________________________________________

References:
  [1] http://www.freetype.org/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
  [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
  [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFEyfw3gHWT4GPEy58RAiB1AKDKGX5q6ovQuoQXjnV9KY3jvCLJNgCgxCdg
difG4d5DnORPqstdPAUejm8=
=hbbe
-----END PGP SIGNATURE-----