exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

Mandriva Linux Security Advisory 2010-156
Posted Aug 23, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-156 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-3053, CVE-2010-3054
MD5 | 92c6cdf08fefda2ef8ee18bdf8ef06f5
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close