FreeType CID-keyed Font Parsing Vulnerabilities
Last Update Date: 16 Nov 2011 10:22
Release Date: 16 Nov 2011
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities have been identified in FreeType that can be exploited to compromise an application using the library. The vulnerabilities are caused by errors in src/cid/cidload.c when parsing CID-keyed Type 1 fonts, and can be exploited to corrupt memory via a specially crafted font file.
Impact
- Remote Code Execution
System / Technologies affected
- FreeType 2.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Update to version 2.4.8.
Vulnerability Identifier
Source
Related Link