Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 06 Aug 2010 15:35:25 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
CC: oss-security <oss-security@...ts.openwall.com>
Subject: CVE Request -- FreeType -- Memory corruption flaw by processing certain
 LWFN fonts

Hi Steve, vendors,

   A memory corruption flaw was found in the way FreeType font rendering engine
processed certain Adobe Type 1 Mac Font File (LWFN) fonts. An attacker
could use this flaw to create a specially-crafted font file that, when
opened, would cause an application linked against libfreetype to crash,
or, possibly execute arbitrary code.

Upstream bug report:
   [1] https://savannah.nongnu.org/bugs/?30658

Public reproducer:
   [2] http://alt.swiecki.net/j/f/sigsegv31.ttf

Upstream changeset:
   [3] http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975

References:
   [4] https://bugzilla.redhat.com/show_bug.cgi?id=621907

Credit: Robert Swiecki

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.