FreeType Buffer Overflows and Memory Errors Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Generic) > FreeType

Vendors: freetype.org

FreeType Buffer Overflows and Memory Errors Let Remote Users Deny Service and Execute Arbitrary Code

SecurityTracker Alert ID: 1026765

SecurityTracker URL: http://securitytracker.com/id/1026765

CVE Reference: CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144 (Links to External Site)

Date: Mar 6 2012

Impact: Denial of service via network, Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 2.4.9

Description: Multiple vulnerabilities were reported in FreeType. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions.

A remote user can create a specially crafted font that, when loaded by the target user or application, will trigger a write buffer overflow and execute arbitrary code on the target system or a read buffer overflow and cause the target application to crash. The code will run with the privileges of the target user or application.

An out-of-bounds buffer read in parsing, adding, or validating properties in BDF fonts can cause denial of service conditions [CVE-2012-1126].

An out-of-bounds buffer read in parsing glyph information and bitmaps for BDF fontscan cause denial of service conditions [CVE-2012-1127].

A null pointer dereference in processing TrueType fonts can cause denial of service conditions [CVE-2012-1128].

An out-of-bounds buffer read in the parsing certain SFNT strings by Type42 font parser can cause denial of service conditions [CVE-2012-1129].

An out-of-bounds buffer read in loading properties of PCF fonts can cause denial of service conditions [CVE-2012-1130].

An out-of-bounds buffer read in reading cell data can cause denial of service conditions [CVE-2012-1131].

An out-of-bounds buffer read in parsing font dictionary entries can cause denial of service conditions [CVE-2012-1132].

A heap overflow in parsing BDF glyph information and bitmaps can cause code execution [CVE-2012-1133].

A heap overflow in retrieving a font's private dictionary can cause code execution [CVE-2012-1134].

An out-of-bounds buffer read in the TrueType bytecode interpreter when executing NPUSHB and NPUSHW instructions can cause denial of service conditions [CVE-2012-1135].

A heap overflow in parsing BDF glyph and bitmaps with missing ENCODING field can cause code execution [CVE-2012-1136].

An out-of-bounds buffer read in parsing BDF font header data can cause denial of service conditions [CVE-2012-1137].

An out-of-bounds buffer read in the TrueType bytecode interpreter when executing the MIRP instruction can cause denial of service conditions [CVE-2012-1138].

An array index error in parsing BDF font glyph information can cause denial of service conditions [CVE-2012-1139].

An out-of-bounds buffer read in converting PostScript font objects can cause denial of service conditions [CVE-2012-1140].

An out-of-bounds buffer read when converting an ASCII string into a signed short integer in BDF fonts can cause denial of service conditions [CVE-2012-1141].

A heap overflow in retrieving advance values for glyph outlines can cause code execution [CVE-2012-1142].

An integer divide-by-zero error can cause denial of service conditions [CVE-2012-1143].

A buffer overflow in the TrueType bytecode interpreter can cause code execution [CVE-2012-1144].

Mateusz Jurczyk, Google Security Team, reported these vulnerabilities.

Impact: A remote user can create a file that, when loaded by the target user or application, will execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

Solution: The vendor has issued a source code fix.

The fix will be included in future version 2.4.9.

Vendor URL: www.freetype.org/ (Links to External Site)

Cause: Access control error, Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

(Red Hat Issues Fix) FreeType Buffer Overflows and Memory Errors Let Remote Users Deny Service and Execute Arbitrary Code
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2019, SecurityGlobal.net LLC