List:       oss-security
Subject:    [oss-security] Multiple bugs in freetype
From:       Robert Święcki <robert () swiecki ! net>
Date:       2010-07-13 21:34:47
Message-ID: AANLkTiliVp55vqtftqHUd1VbwK2FpvsH3ud98ijKmsNr () mail ! gmail ! com

FYI

I've recently reported multiple problems in freetype (around 20);
most of them are NULL-ptr derefs, stack exhaustion and div by zero
issues, but the rest might be interesting. Red Hat was kind enough to
assign CVE numbers to some of them. vendor-sec members tend to treat
them as public issues, so reposting here:

> CVE-2010-2497 freetype integer underflow #30082 #30083
> CVE-2010-2498 freetype invalid free #30106
> CVE-2010-2499 freetype buffer overflow #30248 #30249
> CVE-2010-2500 freetype integer overflow #30263
> CVE-2010-2519 freetype heap buffer overflow #30306
> CVE-2010-2520 freetype buffer overflow on heap #30361

I wasn't trying to make weaponized exploits, although some of those
issues are clearly exploitable.

The full list:

http://savannah.nongnu.org/bugs/index.php?group=freetype&func=browse&set=custom&report_id=101&submitted_by=78858


-- 
Robert Swiecki - http://www.swiecki.net

