-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security/ http://www.openpkg.org openpkg-security@openpkg.org openpkg@openpkg.org OpenPKG-SA-2006.017 28-Jul-2006 ________________________________________________________________________ Package: freetype Vulnerability: denial of service, arbitrary code execution OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT N.A. N.A. OpenPKG 2-STABLE N.A. N.A. OpenPKG 2.5-RELEASE <= freetype-2.1.10-2.5.0 >= freetype-2.1.10-2.5.1 Description: Multiple security issues exist in the FreeType [1] font rendering library before version 2.2: An integer overflow allows remote attackers to cause a Denial of Service (DoS) and possibly execute arbitrary code via unknown vectors, as demonstrated by the Red Hat "bad1.pcf" test file, due to a partial fix of CVE-2006-1861. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-3467 [2] to the problem. Remote attackers can cause a Denial of Service (DoS) via a specially crafted font file that triggers a NULL dereference. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2661 [3] to the problem. Multiple integer overflows allow remote attackers to cause a Denial of Service (DoS) and possibly execute arbitrary code. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-1861 [4] to the problem. Parts of this issue the Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-2493, which is now rejected. Integer underflow allows remote attackers to cause a Denial of Service (DoS) via a specially crafted font file with an odd number of "blue" values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-0747 [5] to the problem. An additional flaw causes some programs to go into an infinite loop and this way cause a Denial of Service (DoS) when dealing with fonts that don't have a properly sorted kerning sub-table. ________________________________________________________________________ References: [1] http://www.freetype.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861 [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG iD8DBQFEyfw3gHWT4GPEy58RAiB1AKDKGX5q6ovQuoQXjnV9KY3jvCLJNgCgxCdg difG4d5DnORPqstdPAUejm8= =hbbe -----END PGP SIGNATURE-----