FreeType CID-keyed Font Parsing Vulnerabilities
Last Update Date: 16 Nov 2011 10:22
Release Date: 16 Nov 2011
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities have been identified in FreeType which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused by errors in src/cid/cidload.c when parsing CID-keyed Type 1 fonts. They can be exploited to corrupt memory via a specially crafted font file.
Impact
- Remote Code Execution
System / Technologies affected
- FreeType 2.x
Solutions
Before installing the software, please visit the software vendor's website for more details.
- Update to version 2.4.8.