Freetype TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability
CLASS: Input Validation Error
CVE: CVE-2007-2754
REMOTE: Yes
LOCAL: No
PUBLISHED: May 21 2007 12:00AM
UPDATE: Jun 18 2007 04:59PM
CREDIT: Victor Stinner is credited with discovering this issue.
VULNERABLE:
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Sun StarSuite 8 Update 7
Sun StarSuite 8 Update 6
Sun StarSuite 8
Sun StarSuite 7.0 PP10
Sun StarSuite 7 PP9
Sun StarSuite 7
Sun StarSuite 6.0 PP7
Sun StarSuite 6 PP6
Sun StarSuite 6
Sun StarOffice 7.0
Sun StarOffice 8.0
Sun StarOffice 8 Update 7
Sun StarOffice 8 Update 6
Sun StarOffice 7.0 PP9
Sun StarOffice 7.0 PP10
Sun StarOffice 6.0 PP7
Sun StarOffice 6.0 PP6
Sun StarOffice 6.0
rPath rPath Linux 1
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
FreeType FreeType 2.3.4
FreeType FreeType 2.2.10
FreeType FreeType 2.2.1
FreeType FreeType 2.1.10
FreeType FreeType 2.1.9
FreeType FreeType 2.1.7
FreeType FreeType 2.0.9
FreeType FreeType 2.0.6
FreeType FreeType 1.3.1
FreeType FreeType 2.2
Foresight Linux Foresight Linux 1.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Discussion
FreeType is prone to an integer-overflow vulnerability because it fails to properly validate TTF files.
An attacker may exploit this issue by enticing victims into opening maliciously crafted TTF files.
Successful exploits will allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects FreeType 2.3.4 and prior versions.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Solution
The vendor released a fix to address this issue. Please see the references for more information.
Sun StarSuite 6 PP6
- Sun 112886-08
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112886-08-1
- Sun 112887-08
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112887-08-1
Ubuntu Ubuntu Linux 6.10 powerpc
- Ubuntu Updated packages for Ubuntu 6.10 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Sun StarSuite 8 Update 7
- Sun 120188-10
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120188-10-1
- Sun 120189-11
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120189-11-1
- Sun 120190-11
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120190-11-1
FreeType FreeType 2.2
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
Ubuntu Ubuntu Linux 6.06 LTS sparc
- Ubuntu Updated packages for Ubuntu 6.06 LTS source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Sun StarOffice 8 Update 7
- Sun 120184-10
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120184-10-1
- Sun 120185-11
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120185-11-1
- Sun 120186-11
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120186-11-1
Sun StarSuite 7 PP9
- Sun 116519-14
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116519-14-1
Sun StarSuite 7
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1
- Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
Sun StarOffice 6.0 PP7
- Sun 112885-08
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112885-08-1
- Sun 112886-08
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112886-08-1
- Sun 112887-08
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112887-08-1
Ubuntu Ubuntu Linux 7.04 i386
- Ubuntu Updated packages for Ubuntu 7.04 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Sun StarOffice 7.0 PP10
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1
- Sun 116519-14
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116519-14-1
- Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
Ubuntu Ubuntu Linux 6.10 sparc
- Ubuntu Updated packages for Ubuntu 6.10 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Sun StarSuite 6.0 PP7
- Sun 112885-08
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112885-08-1
- Sun 112886-08
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112886-08-1
- Sun 112887-08
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112887-08-1
Sun StarOffice 7.0 PP9
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1
- Sun 116519-14
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116519-14-1
- Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
Ubuntu Ubuntu Linux 6.10 i386
- Ubuntu Updated packages for Ubuntu 6.10 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Ubuntu Ubuntu Linux 7.04 amd64
- Ubuntu Updated packages for Ubuntu 7.04 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Ubuntu Ubuntu Linux 6.10 amd64
- Ubuntu Updated packages for Ubuntu 6.10 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu Updated packages for Ubuntu 6.06 LTS source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Sun StarOffice 6.0
- Sun 112885-08
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112885-08-1
- Sun 112886-08
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112886-08-1
- Sun 112887-08
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112887-08-1
Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu Updated packages for Ubuntu 6.06 LTS source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Ubuntu Ubuntu Linux 6.06 LTS amd64
- Ubuntu Updated packages for Ubuntu 6.06 LTS source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
Sun StarSuite 7.0 PP10
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1
- Sun 116519-14
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116519-14-1
- Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
Ubuntu Ubuntu Linux 7.04 powerpc
- Ubuntu Updated packages for Ubuntu 7.04 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
Ubuntu Ubuntu Linux 7.04 sparc
- Ubuntu Updated packages for Ubuntu 7.04 source archive
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz
FreeType FreeType 1.3.1
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.0.6
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.0.9
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.1.10
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.1.7
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.1.9
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.2.1
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.2.10
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
FreeType FreeType 2.3.4
- FreeType ttgload.c - 1.178
http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178&view=patch
References
- FreeType Home Page (FreeType)
- RHSA-2007:0403-4 - freetype security update (RedHat)
- Revision Log (Freetype)
- Sun Alert ID: 102967 Integer Overflow and Heap-Based Buffer Overflow Vulnerabili (Sun)