ID CVE-2007-2754
Summary Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
References
Vulnerable Configurations
  • FreeType 2.3.4
    cpe:2.3:a:freetype:freetype:2.3.4
CVSS
Base: 6.8 (as of 18-05-2007 - 10:06)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2018-09-01
    modified 2018-08-22
    plugin id 22994
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22994
    title Solaris 5.10 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120185-23.NASL
    description StarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107355
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107355
    title Solaris 10 (sparc) : 120185-23
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23558
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23558
    title Solaris 5.9 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23467
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23467
    title Solaris 5.8 (x86) : 120186-19
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0329.NASL
    description From Red Hat Security Advisory 2009:0329 : Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67813
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67813
    title Oracle Linux 3 / 4 : freetype (ELSA-2009-0329)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-002.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 38743
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38743
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-002)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0329.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 38870
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38870
    title RHEL 3 / 4 : freetype (RHSA-2009:0329)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2018-09-02
    modified 2018-08-22
    plugin id 22961
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22961
    title Solaris 5.10 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23419
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23419
    title Solaris 5.8 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120186-23.NASL
    description StarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107857
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107857
    title Solaris 10 (x86) : 120186-23
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120190-23.NASL
    description StarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107858
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107858
    title Solaris 10 (x86) : 120190-23
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090522_FREETYPE_ON_SL3_X.NASL
    description Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The X server must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60588
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60588
    title Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200707-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200707-02 (OpenOffice.org: Two buffer overflows) John Heasman of NGSSoftware has discovered a heap-based buffer overflow when parsing the 'prdata' tag in RTF files where the first token is smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice binary program is shipped with a version of FreeType that contains an integer signedness error in the n_points variable in file truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754). Impact : A remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 25660
    published 2007-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25660
    title GLSA-200707-02 : OpenOffice.org: Two buffer overflows
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2018-09-01
    modified 2018-08-22
    plugin id 22993
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22993
    title Solaris 5.10 (x86) : 120186-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120189-23.NASL
    description StarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107356
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107356
    title Solaris 10 (sparc) : 120189-23
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23617
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23617
    title Solaris 5.9 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2018-09-02
    modified 2018-08-22
    plugin id 22960
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22960
    title Solaris 5.10 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_120190.NASL
    description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23468
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23468
    title Solaris 5.8 (x86) : 120190-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_120189.NASL
    description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23420
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23420
    title Solaris 5.8 (sparc) : 120189-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120185.NASL
    description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23557
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23557
    title Solaris 5.9 (sparc) : 120185-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120186.NASL
    description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23616
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23616
    title Solaris 5.9 (x86) : 120186-19
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201006-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201006-01 (FreeType 1: User-assisted execution of arbitrary code) Multiple issues found in FreeType 2 were also discovered in FreeType 1. For details on these issues, please review the Gentoo Linux Security Advisories and CVE identifiers referenced below. Impact : A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 46768
    published 2010-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46768
    title GLSA-201006-01 : FreeType 1: User-assisted execution of arbitrary code
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0329.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808) The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages. Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38867
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38867
    title CentOS 3 / 4 : freetype (CESA-2009:0329)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREETYPE2-3746.NASL
    description This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29438
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29438
    title SuSE 10 Security Update : freetype2 (ZYPP Patch Number 3746)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119812-16.NASL
    description X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : May/30/12
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107345
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107345
    title Solaris 10 (sparc) : 119812-16
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1302.NASL
    description A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25464
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25464
    title Debian DSA-1302-1 : freetype - integer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119813-20.NASL
    description X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Apr/14/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107849
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107849
    title Solaris 10 (x86) : 119813-20
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119812-18.NASL
    description X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Apr/14/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107346
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107346
    title Solaris 10 (sparc) : 119812-18
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119812-20.NASL
    description X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Jan/16/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107347
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107347
    title Solaris 10 (sparc) : 119812-20
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_DE2FAB2D0A3711DCAAE200304881AC9A.NASL
    description Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 25306
    published 2007-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25306
    title FreeBSD : FreeType 2 -- Heap overflow vulnerability (de2fab2d-0a37-11dc-aae2-00304881ac9a)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREETYPE2-3744.NASL
    description This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27228
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27228
    title openSUSE 10 Security Update : freetype2 (freetype2-3744)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FREETYPE2-3701.NASL
    description This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27227
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27227
    title openSUSE 10 Security Update : freetype2 (freetype2-3701)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5558.NASL
    description Port of freetype2 security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38938
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38938
    title Fedora 10 : freetype1-1.4-0.8.pre.fc10 (2009-5558)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119813-22.NASL
    description X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Jan/16/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107850
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107850
    title Solaris 10 (x86) : 119813-22
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-5644.NASL
    description Port of freetype2 security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38943
    published 2009-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38943
    title Fedora 11 : freetype1-1.4-0.8.pre.fc11 (2009-5644)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-0033.NASL
    description This update fixes a bug in FreeType font rasterization engine that could cause a carefully crafted TrueType font to crash applications trying to use it. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27649
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27649
    title Fedora 7 : freetype-2.3.4-3.fc7 (2007-0033)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_116106.NASL
    description X11 6.6.1_x86: FreeType patch. Date this patch was last updated by Sun : Aug/11/08
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23697
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23697
    title Solaris 9 (x86) : 116106-08
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0403.NASL
    description Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25462
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25462
    title CentOS 3 / 4 : freetype (CESA-2007:0403)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11554.NASL
    description This update of freetype2 fixes an integer signedness bug when handling TTF images. This bug can lead to a heap overflow that can be exploited to execute arbitrary code. (CVE-2007-2754)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41135
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41135
    title SuSE9 Security Update : freetype2 (YOU Patch Number 11554)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_124421.NASL
    description X11 6.4.1_x86: freetype2 patch. Date this patch was last updated by Sun : Aug/11/08
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 24400
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24400
    title Solaris 8 (x86) : 124421-04
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1062.NASL
    description Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines. Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946) Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861) An integer overflow flaw was found in the way the FreeType font engine processed TrueType(r) Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754) Note: For the FreeType 2 font engine, the CVE-2006-1861 and CVE-2007-2754 flaws were addressed via RHSA-2006:0500 and RHSA-2007:0403 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 2.1. Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38874
    published 2009-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38874
    title RHEL 2.1 : freetype (RHSA-2009:1062)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070611_FREETYPE_ON_SL5_X.NASL
    description An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60197
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60197
    title Scientific Linux Security Update : freetype on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-466-1.NASL
    description Victor Stinner discovered that freetype did not correctly verify the number of points in a TrueType font. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28066
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28066
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : freetype vulnerability (USN-466-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-121.NASL
    description An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. The updated packages have been patched to prevent this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25515
    published 2007-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25515
    title Mandrake Linux Security Advisory : freetype2 (MDKSA-2007:121)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_116105.NASL
    description X11 6.6.1: FreeType patch. Date this patch was last updated by Sun : Aug/11/08
    last seen 2016-09-26
    modified 2011-09-18
    plugin id 23693
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23693
    title Solaris 9 (sparc) : 116105-09
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0403.NASL
    description From Red Hat Security Advisory 2007:0403 : Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67512
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67512
    title Oracle Linux 3 / 4 / 5 : freetype (ELSA-2007-0403)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119813.NASL
    description X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : Apr/27/17 This plugin has been deprecated and either replaced with individual 119813 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 24382
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24382
    title Solaris 10 (x86) : 119813-24 (deprecated)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0403.NASL
    description Updated freetype packages that fix a security flaw are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine. An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) Users of FreeType should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25476
    published 2007-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25476
    title RHEL 2.1 / 3 / 4 / 5 : freetype (RHSA-2007:0403)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_124420.NASL
    description X11 6.4.1: freetype2 patch. Date this patch was last updated by Sun : Aug/11/08
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 24396
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24396
    title Solaris 8 (sparc) : 124420-04
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1334.NASL
    description A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 25743
    published 2007-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25743
    title Debian DSA-1334-1 : freetype - integer overflow
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-22 (FreeType: Buffer overflow) Victor Stinner discovered a heap-based buffer overflow in the function Get_VMetrics() in src/truetype/ttgload.c when processing TTF files with a negative n_points attribute. Impact : A remote attacker could entice a user to open a specially crafted TTF file, possibly resulting in the execution of arbitrary code with the privileges of the user running FreeType. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25361
    published 2007-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25361
    title GLSA-200705-22 : FreeType: Buffer overflow
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119812.NASL
    description X11 6.6.2: FreeType patch. Date this patch was last updated by Sun : Apr/27/17 This plugin has been deprecated and either replaced with individual 119812 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 24371
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24371
    title Solaris 10 (sparc) : 119812-22 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119813-18.NASL
    description X11 6.6.2_x86: FreeType patch. Date this patch was last updated by Sun : May/30/12
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107848
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107848
    title Solaris 10 (x86) : 119813-18
oval via4
  • accepted 2013-04-29T04:13:15.770-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:11325
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
    version 24
  • accepted 2008-02-25T04:00:11.261-05:00
    class vulnerability
    contributors
    • name Nicholas Hansen
      organization Hewlett-Packard
    definition_extensions
    • comment Solaris 8 (SPARC) is installed
      oval oval:org.mitre.oval:def:1539
    • comment Solaris 9 (SPARC) is installed
      oval oval:org.mitre.oval:def:1457
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 8 (x86) is installed
      oval oval:org.mitre.oval:def:2059
    • comment Solaris 9 (x86) is installed
      oval oval:org.mitre.oval:def:1683
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
    family unix
    id oval:org.mitre.oval:def:5532
    status accepted
    submitted 2008-01-09T07:41:41.000-05:00
    title Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow
    version 32
redhat via4
advisories
  • bugzilla
    id 240200
    title CVE-2007-2754 freetype integer overflow
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.4-7.el3
            oval oval:com.redhat.rhsa:tst:20070403002
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150003
        • AND
          • comment freetype-devel is earlier than 0:2.1.4-7.el3
            oval oval:com.redhat.rhsa:tst:20070403004
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment freetype is earlier than 0:2.1.9-6.el4
            oval oval:com.redhat.rhsa:tst:20070403007
          • comment freetype is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150003
        • AND
          • comment freetype-demos is earlier than 0:2.1.9-6.el4
            oval oval:com.redhat.rhsa:tst:20070403009
          • comment freetype-demos is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150012
        • AND
          • comment freetype-devel is earlier than 0:2.1.9-6.el4
            oval oval:com.redhat.rhsa:tst:20070403008
          • comment freetype-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150005
        • AND
          • comment freetype-utils is earlier than 0:2.1.9-6.el4
            oval oval:com.redhat.rhsa:tst:20070403011
          • comment freetype-utils is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070150010
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment freetype is earlier than 0:2.2.1-19.el5
            oval oval:com.redhat.rhsa:tst:20070403014
          • comment freetype is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150015
        • AND
          • comment freetype-demos is earlier than 0:2.2.1-19.el5
            oval oval:com.redhat.rhsa:tst:20070403016
          • comment freetype-demos is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150017
        • AND
          • comment freetype-devel is earlier than 0:2.2.1-19.el5
            oval oval:com.redhat.rhsa:tst:20070403018
          • comment freetype-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070150019
    rhsa
    id RHSA-2007:0403
    released 2007-06-11
    severity Moderate
    title RHSA-2007:0403: freetype security update (Moderate)
  • rhsa
    id RHSA-2009:0329
  • rhsa
    id RHSA-2009:1062
rpms
  • freetype-0:2.1.4-7.el3
  • freetype-devel-0:2.1.4-7.el3
  • freetype-0:2.1.9-6.el4
  • freetype-demos-0:2.1.9-6.el4
  • freetype-devel-0:2.1.9-6.el4
  • freetype-utils-0:2.1.9-6.el4
  • freetype-0:2.2.1-19.el5
  • freetype-demos-0:2.2.1-19.el5
  • freetype-devel-0:2.2.1-19.el5
  • freetype-0:2.1.4-12.el3
  • freetype-devel-0:2.1.4-12.el3
  • freetype-0:2.1.9-10.el4.7
  • freetype-demos-0:2.1.9-10.el4.7
  • freetype-devel-0:2.1.9-10.el4.7
  • freetype-utils-0:2.1.9-10.el4.7
refmap via4
apple
  • APPLE-SA-2007-11-14
  • APPLE-SA-2009-05-12
bid 24074
bugtraq
  • 20070524 FLEA-2007-0020-1: freetype
  • 20070613 FLEA-2007-0025-1: openoffice.org
cert TA09-133A
confirm
debian
  • DSA-1302
  • DSA-1334
fedora
  • FEDORA-2009-5558
  • FEDORA-2009-5644
gentoo
  • GLSA-200705-22
  • GLSA-200707-02
  • GLSA-200805-07
mandriva MDKSA-2007:121
mlist [ft-devel] 20070427 Bug in fuzzed TTF file
openpkg OpenPKG-SA-2007.018
osvdb 36509
sectrack 1018088
secunia
  • 25350
  • 25353
  • 25386
  • 25463
  • 25483
  • 25609
  • 25612
  • 25654
  • 25705
  • 25808
  • 25894
  • 25905
  • 26129
  • 26305
  • 28298
  • 30161
  • 35074
  • 35200
  • 35204
  • 35233
sgi 20070602-01-P
sunalert
  • 102967
  • 103171
  • 200033
suse SUSE-SA:2007:041
trustix 2007-0019
ubuntu USN-466-1
vupen
  • ADV-2007-1894
  • ADV-2007-2229
  • ADV-2008-0049
  • ADV-2009-1297
Last major update 30-10-2012 - 22:36
Published 17-05-2007 - 18:30
Last modified 16-10-2018 - 12:45