Mandriva Linux Security Advisory 2010-157 - The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. The updated packages have been patched to correct these issues.
b173a76939af6c5aad8e3c142be5be456997a18cbc9f297e473e41f0ed555dd9