freetype2 read_lwfn() integer overflow

freetype-lwfn-overflow (26553) Risk level: High

Description:

freetype2 is vulnerable to an integer overflow in the read_lwfn() function. A remote attacker could exploit this vulnerability using a specially-crafted LWFN file to execute arbitrary code on a victim's system.
Consequences:

Gain Access

Remedy:

Upgrade to the latest version of freetype2 (2.2.1 or later), available from SourceForge.net. See References.

For Debian GNU/Linux:
Refer to DSA-1095-1 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-07-02 for patch, upgrade, or suggested workaround information. See References.

For Red Hat Linux:
Refer to RHSA-2006:0500-10 for patch, upgrade, or suggested workaround information. See References.

For OpenPKG:
Refer to OpenPKG Security Advisory OpenPKG-SA-2006-017 for patch, upgrade, or suggested workaround information. See References.

Refer to Sun Alert ID: 102705 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References:

  • Apple Web site: About the security content of Security Update 2009-001 .
  • SourceForge.net: Files: The FreeType Project - File Release Notes and Changelog - Release Name: 2.2.1.
  • Sun Alert ID: 102705: Security Vulnerabilities (Integer Overflows and a Denial of Service) in the FreeType 2 Font Engine.
  • ASA-2006-176: freetype security update (RHSA-2006-0500)
  • ASA-2007-039: Security Vulnerabilities (Integer Overflows and a Denial of Service) in the FreeType 2 Font Engine (Sun 102705)
  • ASA-2009-226: freetype security update (RHSA-2009-0329)
  • ASA-2009-243: freetype security update (RHSA-2009-1062)
  • BID-18034: FreeType LWFN Files Buffer Overflow Vulnerability
  • CVE-2006-1861: Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
  • DSA-1095: freetype -- integer overflows
  • GLSA-200607-02: FreeType: Multiple integer overflows
  • GLSA-200710-09: NX 2.1: User-assisted execution of arbitrary code
  • GLSA-201006-01: FreeType 1: User-assisted execution of arbitrary code
  • MDKSA-2006:099: freetype2
  • MDKSA-2006:099-1: freetype2
  • MDKSA-2006:129: freetype2
  • OpenPKG-SA-2006.017: Freetype
  • RHSA-2006-0500: freetype security update
  • RHSA-2009-0329: Important: freetype security update
  • RHSA-2009-1062: Important: freetype security update
  • SA20100: FreeType Integer Overflow and Underflow Vulnerabilities
  • SA21701: Avaya Products FreeType Vulnerabilities
  • SA23939: Sun Solaris FreeType Integer Overflow and Underflow Vulnerabilities
  • SA27162: NX Server PCF Integer Overflow Vulnerabilities
  • SA33937: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
  • SECTRACK ID: 1016522: FreeType Integer Overflows Let Remote Users Execute Arbitrary Code
  • SUSE-SA:2006:037: freetype integer overflow problems
  • SUSE-SR:2007:021: SUSE Security Summary Report
  • USN-291-1: FreeType vulnerabilities
  • VUPEN/ADV-2006-1868: FreeType Font Files Handling Multiple Integer Overflow Vulnerabilities
  • VUPEN/ADV-2007-0381: Sun Solaris Security Update Fixes FreeType Multiple Integer Overflow Vulnerabilities

Platforms Affected:

  • Apple Mac OS X 10.4.11
  • Apple Mac OS X Server 10.4.11
  • Canonical Ubuntu 5.04
  • Canonical Ubuntu 5.10
  • Canonical Ubuntu 6.06 LTS
  • Debian Debian Linux 3.0
  • Debian Debian Linux 3.1
  • FreeType Project freetype2 prior to 2.2.1
  • Gentoo Linux
  • MandrakeSoft Mandrake Linux 2006 X86_64
  • MandrakeSoft Mandrake Linux 2006
  • MandrakeSoft Mandrake Linux LE2005
  • MandrakeSoft Mandrake Linux LE2005 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0
  • MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft Mandrake Multi Network Firewall 2.0
  • Novell Linux Desktop 9
  • OpenPKG OpenPKG 2-STABLE
  • OpenPKG OpenPKG 2.5
  • OpenPKG OpenPKG CURRENT
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 WS
  • RedHat Enterprise Linux 3 WS
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 Desktop
  • RedHat Enterprise Linux 4 AS
  • RedHat Enterprise Linux 4 WS
  • RedHat Enterprise Linux 4 ES
  • RedHat Enterprise Linux 4 Desktop
  • RedHat Enterprise Linux 4.8.z AS
  • RedHat Enterprise Linux 4.8.z ES
  • RedHat Linux Advanced Workstation 2.1 Itanium
  • SUSE SuSE Linux 10.0
  • SUSE SuSE Linux 10.1
  • SuSE SuSE SLES 9

Reported:

May 13, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@us.ibm.com