List: oss-security
Subject: Re: [oss-security] Multiple bugs in freetype
From: Pierre Joye <pierre.php () gmail ! com>
Date: 2010-07-14 7:34:28
Message-ID: AANLkTiljcdeGc029EbLwGzVETd0_qHSYQPbVz_uokH6r () mail ! gmail ! com
Thanks for the heads-up. FYI, fixes are part of 2.4.0 as far as I can tell.

On Tue, Jul 13, 2010 at 11:34 PM, Robert Święcki <robert@swiecki.net> wrote:
> FYI
>
> I've reported recently multiple problems in freetype (around ~20),
> most of them are NULL-ptr derefs, stack exhaustion and div by zero
> issues, but the rest might be interesting. RedHat was kind enough to
> assign CVE numbers to some of them. vendor-sec members tend to treat
> it as public issues, so reposting here:
>
> > CVE-2010-2497 freetype integer underflow #30082 #30083
> > CVE-2010-2498 freetype invalid free #30106
> > CVE-2010-2499 freetype buffer overflow #30248 #30249
> > CVE-2010-2500 freetype integer overflow #30263
> > CVE-2010-2519 freetype heap buffer overflow #30306
> > CVE-2010-2520 freetype buffer overflow on heap #30361
>
> I wasn't trying to make weaponized exploits, although some of those
> issues are clearly exploitable.
>
> The full list
>
> http://savannah.nongnu.org/bugs/index.php?group=freetype&func=browse&set=custom&report_id=101&submitted_by=78858
>
> --
> Robert Swiecki - http://www.swiecki.net
>
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org