Security hole in FreeType
Manipulated TrueType fonts could trigger an integer overflow in the FreeType library, which can in turn lead to arbitrary code execution. Applications linked against the library, such as web browsers, may either crash when trying to load a manipulated TTF file or execute arbitrary code with the user's privileges.
The FreeType developers have already fixed the bug, which is in the function TT_Load_Simple_Glyph() in the file ttgload.c, in their version control system. So far, Linux distributors have not provided updated FreeType packages. Users are advised to install them as soon as they become available.
- Bug in fuzzed TTF file, advisory on the FreeType developer mailing list
- Patch in the FreeType version control system: http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178
(mba)