Package: freetype
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2007-3506 [0]:

The ft_bitmap_assure_buffer function in src/base/ftbitmap.c in FreeType
2.3.3 allows context-dependent attackers to cause a denial of service
and possibly execute arbitrary code via unspecified vectors involving
bitmap fonts, related to a "memory buffer overwrite bug."

This vulnerability may allow access to the accounts of users who use the
package.  The original bug report [1] provides instructions on how to
reproduce the issue, but I have been unable to do so.  The CVE links to
a patch from freetype's CVS [2]; the code appears to have changed
between Debian's 2.2 and upstream's 2.3 enough that I can't locate where
in ftbitmap.c the offending code exists (if at all).

If this does turn out to affect Debian's version, please note the CVE in
the changelog.

Thanks,

Alec

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3506
[1] http://savannah.nongnu.org/bugs/index.php?19536
[2] http://cvs.savannah.nongnu.org/viewvc/freetype2/src/base/ftbitmap.c?root=freetype&r1=1.17&r2=1.18&diff_format=u

- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjnKrAud/2YgchcQRAp2sAJ4mMhM+ovCOQ+PczjdsL5AjB+PzFACgjGJu
xU+tJZN4TvZ6hShfJm1o0RA=
=GVM+
-----END PGP SIGNATURE-----

