Vulnerabilities > CVE-2007-3506 - Remote Buffer Overflow vulnerability in FreeType Bitmap Font Handling

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

freetype

NVD

Published: 2007-07-02

Updated: 2008-09-05

Summary

The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."

Vulnerable Configurations

Part	Description	Count
Application	Freetype Freetype Freetype 1.3.1 Freetype Freetype 2.0 Freetype Freetype 2.0.1 Freetype Freetype 2.0.2 Freetype Freetype 2.0.3 Freetype Freetype 2.0.4 Freetype Freetype 2.0.5 Freetype Freetype 2.0.6 Freetype Freetype 2.0.7 Freetype Freetype 2.0.8 Freetype Freetype 2.0.9 Freetype Freetype 2.1 Freetype Freetype 2.1.3 Freetype Freetype 2.1.4 Freetype Freetype 2.1.5 Freetype Freetype 2.1.6 Freetype Freetype 2.1.7 Freetype Freetype 2.1.8 Freetype Freetype 2.1.8_Rc1 Freetype Freetype 2.1.9 Freetype Freetype 2.1.10 Freetype Freetype 2.2 Freetype Freetype 2.2.1 Freetype Freetype 2.3.0 Freetype Freetype 2.3.1 Freetype Freetype 2.3.2 Freetype Freetype 2.3.3	28

Statements

contributor	Joshua Bressers
lastmodified	2007-07-05
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.

Summary

Vulnerable Configurations

Statements

References