Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.

http://www.securityfocus.com/archive/1/archive/1/436836/100/0/threaded
http://sourceforge.net/project/shownotes.php?release_id=416463
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190593#c8
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=128606
https://issues.rpath.com/browse/RPL-429

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 2.1

Via RHSA-2009:1062 https://rhn.redhat.com/errata/RHSA-2009-1062.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2009:0329 https://rhn.redhat.com/errata/RHSA-2009-0329.html

This issue has been addressed in the following products:

  Red Hat Linux Enterprise 2.1

Via RHSA-2009:1062 available at https://rhn.redhat.com/errata/RHSA-2009-1062.html