Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1334-1 freetype -- integer overflow

Related Vulnerabilities: CVE-2007-2754  

A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files. For the old stable distribution (sarge), this problem has been fixed in version 2.1.7-8. We recommend that you upgrade your freetype package.

Source

Debian Security Advisory

DSA-1334-1 freetype -- integer overflow

Date Reported:
18 Jul 2007
Affected Packages:
freetype
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-2754.
More information:

A problem was discovered with freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

For the old stable distribution (sarge), this problem has been fixed in version 2.1.7-8.

We recommend that you upgrade your freetype package.

Fixed in:

Debian GNU/Linux 3.1 alias sarge

Source:
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.diff.gz
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.dsc
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_amd64.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_amd64.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_amd64.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_amd64.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_arm.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_arm.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_arm.deb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_arm.deb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_hppa.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_hppa.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_hppa.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_hppa.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_i386.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_i386.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_i386.deb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_i386.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_ia64.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_ia64.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_ia64.udeb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_ia64.deb
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_m68k.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_m68k.udeb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_m68k.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_m68k.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_mipsel.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_mipsel.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_mipsel.udeb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_mipsel.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_powerpc.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_powerpc.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_powerpc.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_powerpc.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_s390.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_s390.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_s390.udeb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_s390.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_sparc.deb
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_sparc.deb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_sparc.udeb
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started