Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code. An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file. The handling of an invalid "number of axes" field in the PFB file could trigger the freeing of arbitrary memory locations, leading to memory corruption. Multiple off-by-one errors allowed the execution of arbitrary code via malformed tables in PFB files, or invalid SHC instructions in TTF files. Updated packages are available from security.debian.org. Links: security.debian.org
FreeType is a free, high-quality, portable font engine that can open and manage font files, as well as efficiently load, hint and render individual glyphs. Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font. Fixed packages are available from security.debian.org. Links: security.debian.org
A problem was discovered with freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files. Fixed packages are available from security.debian.org. Links: security.debian.org
The TTF rendering library freetype2 was updated to fix an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
A problem was discovered with freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files. Fixed packages are available from security.debian.org. Links: security.debian.org
FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed BDF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
It was discovered that an integer overflow in freetype's PCF font code may lead to denial of service and potential execution of arbitrary code. Fixed packages are available from security.debian.org. Links: security.debian.org
This security update fixes crashes in the PCF handling of freetype2 which might be used to crash applications that use freetype2 or even to execute code in them. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
FreeType is a free, high-quality, and portable font engine. Chris Evans discovered several integer underflow and overflow flaws in the FreeType font engine. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. A NULL pointer dereference flaw was found in the FreeType font engine. An application linked against FreeType can crash upon loading a malformed font file. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
The freetype2 library renders TrueType fonts for open source projects. The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Several problems have been discovered in the FreeType 2 font engine. Several integer underflows have been discovered which could allow remote attackers to cause a denial of service. Chris Evans discovered several integer overflows that lead to a denial of service or could possibly even lead to the execution of arbitrary code. Several more integer overflows have been discovered which could possibly lead to the execution of arbitrary code. A null pointer dereference could cause a denial of service. Fixed packages are available from security.debian.org. Links: security.debian.org
Recently, I downloaded about 2,000 free fonts. Most of them are of high quality, but you can easily imagine my problem: There are just too many of them for one graphics designer. I don't have time to browse through them all to find the one optimal for my needs.