SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Generic)  >   FreeType Vendors:   freetype.org
FreeType Buffer Overflows and Memory Errors Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1026765
SecurityTracker URL:  http://securitytracker.com/id/1026765
CVE Reference:   CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144   (Links to External Site)
Date:  Mar 6 2012
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.4.9
Description:   Multiple vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions.

A remote user can create a specially crafted font that, when loaded by the target user or application, will trigger a write buffer overflow and execute arbitrary code on the target system or a read buffer overflow and cause the target application to crash. The code will run with the privileges of the target user or application.

An out-of-bounds buffer read in parsing, adding, or validating properties in BDF fonts can cause denial of service conditions [CVE-2012-1126].

An out-of-bounds buffer read in parsing glyph information and bitmaps for BDF fontscan cause denial of service conditions [CVE-2012-1127].

A null pointer dereference in processing TrueType fonts can cause denial of service conditions [CVE-2012-1128].

An out-of-bounds buffer read in the parsing certain SFNT strings by Type42 font parser can cause denial of service conditions [CVE-2012-1129].

An out-of-bounds buffer read in loading properties of PCF fonts can cause denial of service conditions [CVE-2012-1130].

An out-of-bounds buffer read in reading cell data can cause denial of service conditions [CVE-2012-1131].

An out-of-bounds buffer read in parsing font dictionary entries can cause denial of service conditions [CVE-2012-1132].

A heap overflow in parsing BDF glyph information and bitmaps can cause code execution [CVE-2012-1133].

A heap overflow in retrieving a font's private dictionary can cause code execution [CVE-2012-1134].

An out-of-bounds buffer read in the TrueType bytecode interpreter when executing NPUSHB and NPUSHW instructions can cause denial of service conditions [CVE-2012-1135].

A heap overflow in parsing BDF glyph and bitmaps with missing ENCODING field can cause code execution [CVE-2012-1136].

An out-of-bounds buffer read in parsing BDF font header data can cause denial of service conditions [CVE-2012-1137].

An out-of-bounds buffer read in the TrueType bytecode interpreter when executing the MIRP instruction can cause denial of service conditions [CVE-2012-1138].

An array index error in parsing BDF font glyph information can cause denial of service conditions [CVE-2012-1139].

An out-of-bounds buffer read in converting PostScript font objects can cause denial of service conditions [CVE-2012-1140].

An out-of-bounds buffer read when converting an ASCII string into a signed short integer in BDF fonts can cause denial of service conditions [CVE-2012-1141].

A heap overflow in retrieving advance values for glyph outlines can cause code execution [CVE-2012-1142].

An integer divide-by-zero error can cause denial of service conditions [CVE-2012-1143].

A buffer overflow in the TrueType bytecode interpreter can cause code execution [CVE-2012-1144].

Mateusz Jurczyk, Google Security Team, reported these vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user or application, will execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a source code fix.

The fix will be included in future version 2.4.9.

Vendor URL:  www.freetype.org/ (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 11 2012 (Red Hat Issues Fix) FreeType Buffer Overflows and Memory Errors Let Remote Users Deny Service and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC