CVE-2007-2754 - Unspecified vulnerability in Freetype
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
freetype
nessus
Summary
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
Vulnerable Configurations
Nessus
NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_120185.NASL
description: StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
last seen: 2018-09-02
modified: 2018-08-22
plugin id: 22960
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=22960
title: Solaris 5.10 (sparc) : 120185-19
code:

    #%NASL_MIN_LEVEL 80502

    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    #

    # (C) Tenable Network Security, Inc.
    #
    #

    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");

    if(description)
    {
     script_id(22960);
     script_version("1.33");

     script_name(english: "Solaris 5.10 (sparc) : 120185-19");
     script_cve_id("CVE-2006-2198", "CVE-2006-3117", "CVE-2006-5870", "CVE-2007-0002", "CVE-2007-0238", "CVE-2007-0239", "CVE-2007-0245", "CVE-2007-1466", "CVE-2007-2754", "CVE-2007-2834", "CVE-2007-4575");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 120185-19");
     script_set_attribute(attribute: "description", value:
    'StarOffice 8 (Solaris): Update 14.
    Date this patch was last updated by Sun : Sep/09/09');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/120185-19");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
     script_set_attribute(attribute:"canvas_package", value:'CANVAS');
     script_cwe_id(94);
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/07/30");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/30");
     script_end_attributes();

     script_summary(english: "Check for patch 120185-19");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);

     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }

    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_119812-20.NASL
description: X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Jan/16/17
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107347
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107347
title: Solaris 10 (sparc) : 119812-20

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-0329.NASL
description: Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38867
published: 2009-05-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/38867
title: CentOS 3 / 4 : freetype (CESA-2009:0329)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS8_X86_124421.NASL
description: X11 6.4.1_x86: freetype2 patch. Date this patch was last updated by Sun : Aug/11/08
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24400
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24400
title: Solaris 8 (x86) : 124421-04

NASL family: Solaris Local Security Checks
NASL id: SOLARIS9_X86_120190.NASL
description: StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23617
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23617
title: Solaris 5.9 (x86) : 120190-19

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2007-0403.NASL
description: Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25462
published: 2007-06-12
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/25462
title: CentOS 3 / 4 : freetype (CESA-2007:0403)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS9_X86_120186.NASL
description: StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23616
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23616
title: Solaris 5.9 (x86) : 120186-19

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_120186-23.NASL
description: StarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107857
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107857
title: Solaris 10 (x86) : 120186-23

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_DE2FAB2D0A3711DCAAE200304881AC9A.NASL
description: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25306
published: 2007-05-25
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/25306
title: FreeBSD : FreeType 2 -- Heap overflow vulnerability (de2fab2d-0a37-11dc-aae2-00304881ac9a)

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2007-121.NASL
description: An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. The updated packages have been patched to prevent this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25515
published: 2007-06-14
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25515
title: Mandrake Linux Security Advisory : freetype2 (MDKSA-2007:121)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_120189.NASL
description: StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
last seen: 2018-09-02
modified: 2018-08-22
plugin id: 22961
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=22961
title: Solaris 5.10 (sparc) : 120189-19

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-466-1.NASL
description: Victor Stinner discovered that freetype did not correctly verify the number of points in a TrueType font. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 28066
published: 2007-11-10
reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/28066
title: Ubuntu 6.06 LTS / 6.10 / 7.04 : freetype vulnerability (USN-466-1)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS9_116105.NASL
description: X11 6.6.1: FreeType patch. Date this patch was last updated by Sun : Aug/11/08
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23693
published: 2006-11-20
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23693
title: Solaris 9 (sparc) : 116105-09

NASL family: SuSE Local Security Checks
NASL id: SUSE_FREETYPE2-3701.NASL
description: This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27227
published: 2007-10-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27227
title: openSUSE 10 Security Update : freetype2 (freetype2-3701)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_120190-23.NASL
description: StarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107858
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107858
title: Solaris 10 (x86) : 120190-23

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201006-01.NASL
description: The remote host is affected by the vulnerability described in GLSA-201006-01 (FreeType 1: User-assisted execution of arbitrary code) Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Impact : A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 46768
published: 2010-06-02
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/46768
title: GLSA-201006-01 : FreeType 1: User-assisted execution of arbitrary code

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-5558.NASL
description: Port of freetype2 security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38938
published: 2009-05-28
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/38938
title: Fedora 10 : freetype1-1.4-0.8.pre.fc10 (2009-5558)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS9_120189.NASL
description: StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23558
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23558
title: Solaris 5.9 (sparc) : 120189-19

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2007-0403.NASL
description: From Red Hat Security Advisory 2007:0403 : Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67512
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67512
title: Oracle Linux 3 / 4 / 5 : freetype (ELSA-2007-0403)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_120189-23.NASL
description: StarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107356
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107356
title: Solaris 10 (sparc) : 120189-23

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-0329.NASL
description: Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38870
published: 2009-05-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/38870
title: RHEL 3 / 4 : freetype (RHSA-2009:0329)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1334.NASL
description: A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25743
published: 2007-07-23
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/25743
title: Debian DSA-1334-1 : freetype - integer overflow

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_119812-16.NASL
description: X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : May/30/12
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107345
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107345
title: Solaris 10 (sparc) : 119812-16

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_120190.NASL
description: StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
last seen: 2018-09-01
modified: 2018-08-22
plugin id: 22994
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=22994
title: Solaris 5.10 (x86) : 120190-19

NASL family: Solaris Local Security Checks
NASL id: SOLARIS8_120189.NASL
description: StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23420
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23420
title: Solaris 5.8 (sparc) : 120189-19

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200707-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-200707-02 (OpenOffice.org: Two buffer overflows) John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25660
published: 2007-07-03
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/25660
title: GLSA-200707-02 : OpenOffice.org: Two buffer overflows

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1062.NASL
description: Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) Note: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754 flaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 2.1. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38874
published: 2009-05-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/38874
title: RHEL 2.1 : freetype (RHSA-2009:1062)

NASL family: SuSE Local Security Checks
NASL id: SUSE_FREETYPE2-3744.NASL
description: This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27228
published: 2007-10-17
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27228
title: openSUSE 10 Security Update : freetype2 (freetype2-3744)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2007-0033.NASL
description: This update fixes a bug in FreeType font rasterization engine that could cause a carefully crafted TrueType font to crash applications trying to use it. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27649
published: 2007-11-06
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27649
title: Fedora 7 : freetype-2.3.4-3.fc7 (2007-0033)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS8_120185.NASL
description: StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
last seen: 2016-09-26
modified: 2011-09-18
plugin id: 23419
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=23419
title: Solaris 5.8 (sparc) : 120185-19

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_119812.NASL
description: X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Apr/27/17 This plugin has been deprecated and either replaced with individual 119812 patch-revision plugins, or deemed non-security related.
last seen: 2019-02-21
modified: 2018-07-30
plugin id: 24371
published: 2007-02-18
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=24371
title: Solaris 10 (sparc) : 119812-22 (deprecated)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1302.NASL
description: A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25464
published: 2007-06-12
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/25464
title: Debian DSA-1302-1 : freetype - integer overflow

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2007-0403.NASL
description: Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 25476
published: 2007-06-12
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/25476
title: RHEL 2.1 / 3 / 4 / 5 : freetype (RHSA-2007:0403)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2009-5644.NASL
description: Port of freetype2 security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38943
published: 2009-05-28
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/38943
title: Fedora 11 : freetype1-1.4-0.8.pre.fc11 (2009-5644)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_119813-20.NASL
description: X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Apr/14/14
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107849
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107849
title: Solaris 10 (x86) : 119813-20

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_120186.NASL
description: StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
last seen: 2018-09-01
modified: 2018-08-22
plugin id: 22993
published: 2006-11-06
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=22993
title: Solaris 5.10 (x86) : 120186-19

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_119813-22.NASL
description: X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Jan/16/17
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107850
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107850
title: Solaris 10 (x86) : 119813-22

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-0329.NASL
description: From Red Hat Security Advisory 2009:0329 : Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67813
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67813
title: Oracle Linux 3 / 4 : freetype (ELSA-2009-0329)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_11554.NASL
description: This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41135
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41135
title: SuSE9 Security Update : freetype2 (YOU Patch Number 11554)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_119812-18.NASL
description: X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Apr/14/14
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107346
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107346
title: Solaris 10 (sparc) : 119812-18

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_X86_119813.NASL
description: X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Apr/27/17 This plugin has been deprecated and either replaced with individual 119813 patch-revision plugins, or deemed non-security related.
last seen: 2019-02-21
modified: 2018-07-30
plugin id: 24382
published: 2007-02-18
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=24382
title: Solaris 10 (x86) : 119813-24 (deprecated)

NASL family: Solaris Local Security Checks
NASL id: SOLARIS10_120185-23.NASL
description: StarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 107355
published: 2018-03-12
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/107355
title: Solaris 10 (sparc) : 120185-23

NASL family: SuSE Local Security Checks
NASL id: SUSE_FREETYPE2-3746.NASL
description: This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 29438
published: 2007-12-13
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/29438
title: SuSE 10 Security Update : freetype2 (ZYPP Patch Number 3746)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20070611_FREETYPE_ON_SL5_X.NASL
description: An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType.
(CVE-2007-2754) last seen 2020-06-01 modified 2020-06-02 plugin id 60197 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60197 title Scientific Linux Security Update : freetype on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_116106.NASL description X11 6.6.1_x86: FreeType patch. Date this patch was last updated by Sun : Aug/11/08 last seen 2016-09-26 modified 2011-09-18 plugin id 23697 published 2006-11-20 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23697 title Solaris 9 (x86) : 116106-08 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200705-22.NASL description The remote host is affected by the vulnerability described in GLSA-200705-22 (FreeType: Buffer overflow) Victor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute. Impact : A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25361 published 2007-06-01 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25361 title GLSA-200705-22 : FreeType: Buffer overflow NASL family Scientific Linux Local Security Checks NASL id SL_20090522_FREETYPE_ON_SL3_X.NASL description Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. 
If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The X server must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60588 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60588 title Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64 NASL family Solaris Local Security Checks NASL id SOLARIS9_120185.NASL description StarOffice 8 (Solaris): Update 14. 
Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23557 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23557 title Solaris 5.9 (sparc) : 120185-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23467 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23467 title Solaris 5.8 (x86) : 120186-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119813-18.NASL description X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : May/30/12 last seen 2020-06-01 modified 2020-06-02 plugin id 107848 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107848 title Solaris 10 (x86) : 119813-18 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23468 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23468 title Solaris 5.8 (x86) : 120190-19 NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-002.NASL description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. 
This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11 last seen 2020-06-01 modified 2020-06-02 plugin id 38743 published 2009-05-13 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38743 title Mac OS X Multiple Vulnerabilities (Security Update 2009-002) NASL family Solaris Local Security Checks NASL id SOLARIS8_124420.NASL description X11 6.4.1: freetype2 patch. Date this patch was last updated by Sun : Aug/11/08 last seen 2020-06-01 modified 2020-06-02 plugin id 24396 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24396 title Solaris 8 (sparc) : 124420-04
Oval
accepted 2013-04-29T04:13:15.770-04:00
class vulnerability
contributors
- name Aharon Chernin organization SCAP.com, LLC
- name Dragos Prisaca organization G2, Inc.
definition_extensions
- comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782
- comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
- comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831
- comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636
- comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990
- comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414
- comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802
- comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:11325
status accepted
submitted 2010-07-09T03:56:16-04:00
title Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
version 27

accepted 2008-02-25T04:00:11.261-05:00
class vulnerability
contributors
- name Nicholas Hansen organization Hewlett-Packard
definition_extensions
- comment Solaris 8 (SPARC) is installed oval oval:org.mitre.oval:def:1539
- comment Solaris 9 (SPARC) is installed oval oval:org.mitre.oval:def:1457
- comment Solaris 10 (SPARC) is installed oval oval:org.mitre.oval:def:1440
- comment Solaris 8 (x86) is installed oval oval:org.mitre.oval:def:2059
- comment Solaris 9 (x86) is installed oval oval:org.mitre.oval:def:1683
- comment Solaris 10 (x86) is installed oval oval:org.mitre.oval:def:1926
description Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:5532
status accepted
submitted 2008-01-09T07:41:41.000-05:00
title Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow
version 36
References
- http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html
- http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200
- https://issues.rpath.com/browse/RPL-1390
- http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm
- http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
- http://www.debian.org/security/2007/dsa-1302
- http://www.debian.org/security/2007/dsa-1334
- http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml
- http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:121
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html
- http://www.redhat.com/support/errata/RHSA-2007-0403.html
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1
- http://www.novell.com/linux/security/advisories/2007_41_freetype2.html
- http://www.trustix.org/errata/2007/0019/
- http://www.ubuntu.com/usn/usn-466-1
- http://www.securityfocus.com/bid/24074
- http://www.securitytracker.com/id?1018088
- http://secunia.com/advisories/25350
- http://secunia.com/advisories/25386
- http://secunia.com/advisories/25353
- http://secunia.com/advisories/25463
- http://secunia.com/advisories/25483
- http://secunia.com/advisories/25612
- http://secunia.com/advisories/25609
- http://secunia.com/advisories/25654
- http://secunia.com/advisories/25705
- http://secunia.com/advisories/25894
- http://secunia.com/advisories/25905
- http://secunia.com/advisories/25808
- http://secunia.com/advisories/26129
- http://secunia.com/advisories/26305
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1
- http://secunia.com/advisories/28298
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1
- http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
- http://secunia.com/advisories/30161
- http://www.vupen.com/english/advisories/2009/1297
- http://secunia.com/advisories/35074
- http://support.apple.com/kb/HT3549
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.redhat.com/support/errata/RHSA-2009-0329.html
- http://www.redhat.com/support/errata/RHSA-2009-1062.html
- http://secunia.com/advisories/35200
- http://secunia.com/advisories/35204
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html
- https://bugzilla.redhat.com/show_bug.cgi?id=502565
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html
- http://secunia.com/advisories/35233
- http://www.vupen.com/english/advisories/2007/1894
- http://www.vupen.com/english/advisories/2007/2229
- http://www.vupen.com/english/advisories/2008/0049
- http://osvdb.org/36509
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5532
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11325
- http://www.securityfocus.com/archive/1/471286/30/6180/threaded
- http://www.securityfocus.com/archive/1/469463/100/200/threaded