Computer Security
[EN] securityvulns.ru no-pyccku


FreeType security vulnerabilities
Published:14.01.2013
Source:
SecurityVulns ID:12834
Type:library
Threat Level:
6/10
Description:Multiple vulnerabilities on BDF fonts parsing.
Affected:FREETYPE : FreeType 2.4
CVE:CVE-2012-5670 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.)
 CVE-2012-5669 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.)
 CVE-2012-5668 (FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.)
Original documentdocumentUBUNTU, [USN-1686-1] FreeType vulnerabilities (14.01.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod