Robert Swiecki reported multiple buffer overflows in the freetype demo applications. The demo application could crash or, possibly, lead to the execution of arbitrary code if an attacker were able to get a victim to load a malicious font file.
This is CVE-2010-2527
http://savannah.nongnu.org/bugs/index.php?30054
The fix is here:
http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec
Acknowledgements: Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of these issues.
Created freetype tracking bugs for this issue
Affects: fedora-all [bug 613299]
Upstream has released 2.4.0 to correct this issue: http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 3
Via RHSA-2010:0577 https://rhn.redhat.com/errata/RHSA-2010-0577.html
This issue has been addressed in the following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2010:0578 https://rhn.redhat.com/errata/RHSA-2010-0578.html