CVE-2010-2805

Priority
Medium
Description
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before
2.4.2 does not properly validate certain position values, which allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted font file.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (2.4.2)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375
More Information

Updated: 2016-03-23 03:37:13 UTC (commit 10817)