CVE-2010-2805

Priority
Medium
Description
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before
2.4.2 does not properly validate certain position values, which allows
remote attackers to cause a denial of service (application crash) or
possibly execute arbitrary code via a crafted font file.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (2.4.2)
Ubuntu 8.04 LTS (Hardy Heron): released (2.3.5-1ubuntu4.8.04.4)
Ubuntu 10.04 LTS (Lucid Lynx): released (2.3.11-1ubuntu2.2)
Patches:
Upstream: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375
More Information

Updated: 2012-06-01 15:21:13 UTC (commit 5347)