Package: vnc4
Severity: important
Tags: security

I have been working on a tool called Clonewise to automatically identify embedded code copies in Debian packages and determine if they are out of date and vulnerable. Ideally, embedding code and libraries should be avoided and a system wide library should be used instead.

I recently ran the tool on Debian 6 stable. The results are here at http://www.foocodechu.com/downloads/Clonewise-report.txt

The vnc4 package reported potential issues appended to this message. The analysis tries to justify why it believes a library or code is embedded in the package and if the relationship is not already being tracked by Debian in the embedded-code-copies database it shows the files that are shared between the two pieces of software.

Apologies if these are false positives. Your help in advising me on whether these issues are real will help me improve the analysis for the future.

--
Silvio Cesare
Deakin University

### Summary:
###

freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-2805
freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-2806
freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-3311

### Reports by package:
###

# Package vnc4 may be vulnerable to the following issues:
# CVE-2010-2805 CVE-2010-2806 CVE-2010-3311

# SUMMARY: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
#
# CVE-2010-2805 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftstream.c
#
# The following package clones are NOT tracked in the embedded-code-copies
# database.
# freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-2805 MATCH adler.c/adler.c (5.128144) MATCH afangles.c/ahangles.c (9.810275) MATCH afglobal.c/ahglobal.c (9.810275) MATCH afmodule.c/afbmodule.c (9.810275) MATCH afpic.c/alpic.c (9.117128) MATCH bdf.c/bdf.c (7.171218) MATCH bdfdrivr.c/bdfdrivr.c (7.507690) MATCH bdflib.c/bdflib.c (7.507690) MATCH cff.c/cff.c (7.171218) MATCH cffcmap.c/cfbcmap.c (9.117128) MATCH cffdrivr.c/cffdrivr.c (7.507690) MATCH cffgload.c/cffgload.c (7.507690) MATCH cffobjs.c/cffobjs.c (7.507690) MATCH cffparse.c/cffparse.c (7.507690) MATCH cidgload.c/cidgload.c (7.507690) MATCH cidobjs.c/cidobjs.c (7.507690) MATCH cidparse.c/cidparse.c (7.507690) MATCH cidriver.c/cgdriver.c (9.810275) MATCH common.c/common.c (3.870104) MATCH cordic.py/cordic.py (7.730834) MATCH docmaker.py/docmaker.py (7.730834) MATCH example.c/example.c (4.547585) MATCH ftapi.c/ftapi.c (7.507690) MATCH ftbase.c/ftbase.c (7.412380) MATCH ftbbox.c/ftbbox.c (7.507690) MATCH ftbdf.c/ftbdf.c (7.507690) MATCH ftcache.c/fccache.c (8.711663) MATCH ftcalc.c/ftcalc.c (7.507690) MATCH ftccmap.c/ftccmap.c (7.507690) MATCH ftcglyph.c/ftcglyph.c (7.507690) MATCH ftcimage.c/ftcimage.c (7.507690) MATCH ftcmanag.c/ftcmanag.c (7.507690) MATCH ftcsbits.c/ftcsbits.c (7.507690) MATCH ftdbgmem.c/ftdbgmem.c (7.507690) MATCH ftdebug.c/fdebug.c (9.117128) MATCH ftdump.c/ftdump.c (8.200837) MATCH ftgasp.c/ftxgasp.c (9.117128) MATCH ftgloadr.c/ftgloadr.c (7.507690) MATCH ftglyph.c/fbglyph.c (9.117128) MATCH ftgrays.c/ftgrays.c (7.412380) MATCH ftinit.c/fbinit.c (9.117128) MATCH ftlint.c/ftlint.c (8.423981) MATCH ftmac.c/ftmac.c (7.325368) MATCH ftmm.c/ftmem.c (9.810275) MATCH ftobjs.c/ftobjs.c (7.507690) MATCH ftoutln.c/ftoutln.c (7.507690) MATCH ftraster.c/ftraster.c (7.507690) MATCH ftrend.c/ftrend.c (7.507690) MATCH ftsbit.c/ftsbit.c (8.423981) MATCH ftsmooth.c/ftsmooth.c (7.507690) MATCH ftsnames.c/ftnames.c (8.200837) MATCH ftstream.c/ftstream.c (7.507690) MATCH ftstring.c/ftstring.c (8.423981) 
MATCH ftsynth.c/ftsynth.c (7.507690) MATCH ftsystem.c/ftsysmem.c (9.810275) MATCH fttimer.c/fttimer.c (8.423981) MATCH fttrigon.c/fttrigon.c (7.507690) MATCH fttype.c/fttype.c (7.507690) MATCH ftutil.c/fbutil.c (8.423981) MATCH ftview.c/ftview.c (8.423981) MATCH ftxf.c/ftxf.c (7.507690) MATCH ftzopen.c/ftxopen.c (8.711663) MATCH glnames.py/glnames.py (7.730834) MATCH grwin.c/gwwin.c (9.117128) MATCH gxvmod.c/xvmod.c (9.117128) MATCH infblock.c/infblock.c (6.865836) MATCH infcodes.c/infcodes.c (6.977062) MATCH inflate.c/inflate.c (5.137446) MATCH inftrees.c/inftrees.c (5.310465) MATCH infutil.c/infutil.c (6.919903) MATCH otvbase.c/otlbase.c (9.810275) MATCH otvcommn.c/otlcommn.c (9.810275) MATCH otvgdef.c/otlgdef.c (9.810275) MATCH otvgpos.c/otlgpos.c (9.810275) MATCH otvgsub.c/otlgsub.c (9.810275) MATCH otvjstf.c/otljstf.c (9.810275) MATCH pcf.c/pcf.c (7.037686) MATCH pcfdrivr.c/pcfdriver.c (9.810275) MATCH pcfread.c/pcfread.c (7.325368) MATCH pcfutil.c/pcfutil.c (7.507690) MATCH pfr.c/pfr.c (7.507690) MATCH pfrcmap.c/pfrcmap.c (7.507690) MATCH pfrdrivr.c/pfrdrivr.c (7.507690) MATCH pfrgload.c/pfrgload.c (7.507690) MATCH pfrobjs.c/pfrobjs.c (7.507690) MATCH psaux.c/psaux.c (7.507690) MATCH psauxmod.c/psauxmod.c (7.507690) MATCH psconv.c/pconv.c (8.423981) MATCH pshalgo.c/pshalgo.c (7.507690) MATCH pshglob.c/pshglob.c (7.507690) MATCH pshinter.c/pshinter.c (7.507690) MATCH pshmod.c/pshmod.c (7.507690) MATCH pshrec.c/pshrec.c (7.507690) MATCH psmodule.c/psmodule.c (7.507690) MATCH psnames.c/psnames.c (7.507690) MATCH psobjs.c/psobjs.c (7.507690) MATCH raster.c/raster.c (6.674781) MATCH sfdriver.c/sdriver.c (8.711663) MATCH sfnt.c/sfnt.c (7.325368) MATCH sfobjs.c/sfobjs.c (7.507690) MATCH smooth.c/smooth.c (6.313767) MATCH tafm.c/tafm.c (7.507690) MATCH tcmap.c/cmap.c (6.719233) MATCH tdecode.c/decode.c (5.310465) MATCH tdriver.c/ctdriver.c (9.117128) MATCH tdrivr.c/tdriver.c (7.507690) MATCH testbbox.c/testbbox.c (7.507690) MATCH testtrig.c/testtrig.c (7.325368) 
MATCH tgload.c/tgload.c (7.507690) MATCH tparse.c/parse.c (3.949489) MATCH truetype.c/truetype.c (7.171218) MATCH ttcmap.c/tcmap.c (7.412380) MATCH ttdebug.c/ftdebug.c (7.507690) MATCH ttinterp.c/ttinterp.c (7.412380) MATCH ttpload.c/ttgload.c (7.507690) MATCH ttpost.c/ttpost.c (7.412380) MATCH type.c/type.c (5.332938) MATCH typecid.c/typecid.c (7.507690) MATCH winfnt.c/winfnt.c (7.507690) MATCH xtest.c/ftest.c (7.171218) MATCH zutil.c/util.c (3.004553)

# SUMMARY: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
#
# CVE-2010-2806 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# tparse.c
#
# The following package clones are NOT tracked in the embedded-code-copies
# database.
# freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-2806

# SUMMARY: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
#
# CVE-2010-3311 relates to a vulnerability in package freetype.
# The following source filenames are likely responsible:
# ftstream.c
#
# The following package clones are NOT tracked in the embedded-code-copies
# database.
# freetype CLONED_IN_SOURCE vnc4 <unfixed> CVE-2010-3311