RHSA-2010:0577: Important: freetype security update
First published: Fri Jul 30 2010(Updated: )
FreeType is a free, high-quality, portable font engine that can open and<br>manage font files. It also loads, hints, and renders individual glyphs<br>efficiently. These packages provide both the FreeType 1 and FreeType 2 font<br>engines.<br>An integer overflow flaw was found in the way the FreeType font engine<br>processed font files. If a user loaded a carefully-crafted font file with<br>an application linked against FreeType, it could cause the application to<br>crash or, possibly, execute arbitrary code with the privileges of the user<br>running the application. (CVE-2010-2500)<br>Several buffer overflow flaws were found in the FreeType demo applications.<br>If a user loaded a carefully-crafted font file with a demo application, it<br>could cause the application to crash or, possibly, execute arbitrary code<br>with the privileges of the user running the application. (CVE-2010-2527,<br>CVE-2010-2541)<br>Red Hat would like to thank Robert Swiecki of the Google Security Team for<br>the discovery of the CVE-2010-2500 and CVE-2010-2527 issues.<br>Note: All of the issues in this erratum only affect the FreeType 2 font<br>engine.<br>Users are advised to upgrade to these updated packages, which contain<br>backported patches to correct these issues. The X server must be restarted<br>(log out, then log back in) for this update to take effect.<br>
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/description
- agent/event
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/redhat-errata
- anchor-id/RHSA-2010:0577