CVE-2007-2754

Related Files

Gentoo Linux Security Advisory 201006-1

Posted Jun 2, 2010

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-1 - Multiple vulnerabilities in FreeType might result in the remote execution of arbitrary code. Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Versions less than 1.4_pre20080316-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2006-1861, CVE-2007-2754

SHA-256 | 109a3a117318affac0281fc5c8efacd287ad72cdbe76e93b7a92016f4cd799a1

Download | Favorite | View

Debian Linux Security Advisory 1334-1

Posted Jul 19, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1334-1 - A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2007-2754

SHA-256 | 06bb6b4b71b546ba421a4a5a243648d9e55cc79d1ce6286d82e281db63340834

Download | Favorite | View

Gentoo Linux Security Advisory 200707-2

Posted Jul 2, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200707-02 - John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the prdata tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754). Versions less than 2.2.1 are affected.

tags | advisory, overflow

systems | linux, gentoo

advisories | CVE-2007-0245, CVE-2007-2754

SHA-256 | 9cb04ef59403568b53c2c509e72a62320270f7ee1742c121678b4e3642d88dbb

Download | Favorite | View

Mandriva Linux Security Advisory 2007.121

Posted Jun 14, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program.

tags | advisory, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2007-2754

SHA-256 | 94960e6f55bc1b10bf6a19df85e9a6c69aa8b76672a3ba11ef83907969b799a6

Download | Favorite | View

Debian Linux Security Advisory 1302-1

Posted Jun 11, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeTyp2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2007-2754

SHA-256 | c124f95dee3404561bbca91bcb78c6545f445033ef06d0760d1d298d1f9b0e9e

Download | Favorite | View

OpenPKG Security Advisory 2007.18

Posted May 30, 2007

Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.

tags | advisory, remote, overflow, arbitrary

advisories | CVE-2007-2754

SHA-256 | 20e3597f4528c3bf943c842d2c4a790a8846089007afb586832a34877de6bcb1

Download | Favorite | View