Multiple security holes in Freetype2 font parsing library
According to a report published by security service provider iDefense, four vulnerabilities in the Freetype2 library for TrueType fonts endanger the security of various applications and systems, such as X.Org, Second Life and Sun Java JRE. In the processing of manipulated PFB and TrueType fonts, heap overflows and other errors occur that allow attackers to inject code into a system and launch it in the context of the application. However, for the attack to succeed victims have to load a specially prepared font.
iDefense says it has confirmed that the flaw affects X.org and library version 2.3.5. Previous versions of Freetype may also be affected. The flaws have been remedied in version 2.3.6. Linux distributors and vendors of other operating systems and applications should be publishing their own updates soon.
- Multiple Vendor FreeType2 PFB Integer Overflow Vulnerability, iDefense's security advisory
- Multiple Vendor FreeType2 PFB Memory Corruption Vulnerability, iDefense's security advisory
- Multiple Vendor FreeType2 Multiple Heap Overflow Vulnerabilities, iDefense' security advisory