In association with heise online

11 June 2008, 13:34

Multiple security holes in Freetype2 font parsing library


According to a report published by security service provider iDefense, four vulnerabilities in the Freetype2 library for TrueType fonts endanger the security of various applications and systems, such as X.Org, Second Life and Sun Java JRE. When manipulated PFB and TrueType fonts are processed, heap overflows and other errors occur that allow attackers to inject code into a system and launch it in the context of the application. However, for the attack to succeed, victims have to load a specially prepared font.

iDefense says it has confirmed that the flaw affects library version 2.3.5. Previous versions of Freetype may also be affected. The flaws have been remedied in version 2.3.6. Linux distributors and vendors of other operating systems and applications should be publishing their own updates soon.
