oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Multiple bugs in freetype

From: Pierre Joye <pierre.php () gmail com>
Date: Wed, 14 Jul 2010 09:34:28 +0200
Thanks for the headup. FYI fixes are part of 2.4.0 as far as I can tell.

On Tue, Jul 13, 2010 at 11:34 PM, Robert Święcki <robert () swiecki net> wrote:

FYI

I've reported recently multiple problems in freetype (around ~20),
most of them are NULL-ptr derefs, stack exhaustion and div by zero
issues, but the rest might be interesting. RedHat was kind enough to
assign CVE numbers to some of them. vendor-sec members tend to treat
it as public issues, so reposting here:


CVE-2010-2497 freetype integer underflow #30082 #30083
CVE-2010-2498 freetype invalid free #30106
CVE-2010-2499 freetype buffer overflow #30248 #30249
CVE-2010-2500 freetype integer overflow #30263
CVE-2010-2519 freetype heap buffer overflow #30306
CVE-2010-2520 freetype buffer overflow on heap #30361


I wasn't trying to make weaponized exploits, although some of those
issues are clearly exploitable.

The full list

http://savannah.nongnu.org/bugs/index.php?group=freetype&func=browse&set=custom&report_id=101&submitted_by=78858

--
Robert Swiecki - http://www.swiecki.net





-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Previous By Date Next
Previous By Thread Next

Current thread: