Multiple stack overflow flaws have been reported in the way
FreeType font rendering engine processed certain CFF opcodes.
An attacker could use these flaws to create a specially-crafted
font file that, when opened, would cause an application linked
against libfreetype to crash, or, possibly execute arbitrary code.
Red Hat would like to thank Braden Thomas of the Apple Product Security team
for reporting these issues.
Created attachment 436501 [details]
Proposed FreeType CVE-2010-1797 patch from Apple
This deficiency affects the version of the vnc-server package, as shipped
with Red Hat Enteprise Linux 3 (it contains and uses own embedded copy of
the freetype library).
Red Hat Security Response Team does not consider the vnc-server bug to be
a security issue. The only way this is exploitable in the vnc-server package
is if a bad font would be included in the vncserver font path. But that means,
the attacker already has access to the user account in question.
This flaw does NOT affect the version of the vnc-server package, as shipped
with Red Hat Enterprise Linux 4 and 5.
This flaw does NOT affect the version of the XFree86 package, as shipped
with Red Hat Enterprise Linux 3, as it uses FreeType library, present on
This flaw does NOT affect the version of the xorg-x11 package, as shipped
with Red Hat Enterprise Linux 4, as it use FreeType library, present on
Created freetype tracking bugs for this issue
Affects: fedora-all [bug 621627]
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2010:0607 https://rhn.redhat.com/errata/RHSA-2010-0607.html