CVE-2010-2807

Priority
Medium
Description
FreeType before 2.4.2 uses incorrect integer data types during bounds
checking, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted font
file.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:released (2.4.2)
Ubuntu 8.04 LTS (Hardy Heron):released (2.3.5-1ubuntu4.8.04.4)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.3.11-1ubuntu2.2)
Patches:
Upstream:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac
Upstream:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a205b3ca85d2d78aac71ea3c1df104972031d6ad
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:13 UTC (commit 5347)