Summary
This host is installed with FreeType and is prone to multiple Denial of Service vulnerabilities.
Impact
Successful exploitation may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploitation attempts will likely result in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to FreeType version 2.4.2 or later.
For updates refer to http://www.freetype.org/
Insight
- Buffer overflow error in the 'Mac_Read_POST_Resource()' [src/base/ftobjs.c] function when processing Adobe Type 1 Mac Font File (LWFN) fonts.
- Errors in bdf/bdflib.c, the t42_parse_sfnts function in type42/t42parse.c, the FT_Stream_EnterFrame function in base/ftstream.c, ftmulti.c in the ftmulti demo program, and the 'BOUNDS' macro when processing fonts.
Affected
FreeType version 2.4.1 and prior.
Severity
Classification
CVE: CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities