CVE-2010-3814

Related Files

Gentoo Linux Security Advisory 201201-09

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-9 - Multiple vulnerabilities have been found in FreeType, allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service. Versions less than 2.4.8 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2010-1797, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054, CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2011-0226, CVE-2011-3256, CVE-2011-3439

SHA-256 | c2f545da77d59dcae89071ef5db306706481440c4f480de96b07a59229faf95e

Download | Favorite | View

Debian Security Advisory 2155-1

Posted Feb 1, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2155-1 - Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary

systems | linux, debian

advisories | CVE-2010-3814, CVE-2010-3855

SHA-256 | b8b4ef4cd73f647d0b7feba3fb89ab736e4f7accb9aa214fc6d03d503e29bf7c

Download | Favorite | View

Mandriva Linux Security Advisory 2010-236

Posted Nov 16, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-236 - Multiple vulnerabilities were discovered and corrected in freetype2. An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c when handling the "SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font. An error exists in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font.

tags | advisory, overflow, arbitrary, vulnerability

systems | linux, mandriva

advisories | CVE-2010-3814, CVE-2010-3855

SHA-256 | 082e3d14d51c0c4429d4ac6085aeee9d68bb604f0f963c33a896c08708daa057

Download | Favorite | View

Ubuntu Security Notice 1013-1

Posted Nov 5, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1013-1 - Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2010-3311, CVE-2010-3814, CVE-2010-3855

SHA-256 | a7844c918a1287ebbeb10049ad6777cfc78db17becfe0ec9fc5d86eda02f4746

Download | Favorite | View