Skip to main content

FreeType CID-keyed Font Parsing Vulnerabilities

Last Update Date: 16 Nov 2011 10:22 Release Date: 16 Nov 2011 5678 Views

RISK: Medium Risk

TYPE: Operating Systems - Linux

TYPE: Linux

Multiple vulnerabilities have been identified in FreeType, which can be exploited by malicious people to compromise an application using the library.  The vulnerabilities are caused due to errors in src/cid/cidload.c when parsing CID-keyed Type 1 fonts. This can be exploited to corrupt memory via a specially crafted font file.


Impact

  • Remote Code Execution

System / Technologies affected

  • FreeType 2.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.4.8.

Vulnerability Identifier


Source


Related Link