CVE-2010-2805

Priority
Medium
Description
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before
2.4.2 does not properly validate certain position values, which allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted font file.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (2.4.2)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:38:48 UTC (commit 9756)