Solution
Please Install the Updated Packages.
Insight
FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs.
Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807, CVE-2008-1808)
Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser, covered by CVE-2008-1808, did not affect the freetype packages as shipped in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF Byte Code Interpreter (BCI) support.
Users of freetype should upgrade to these updated packages, which contain backported patches to resolve these issues.
Affected
freetype on CentOS 3
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-1806, CVE-2008-1807, CVE-2008-1808 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities