Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2805 to the following vulnerability:

Name: CVE-2010-2805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
Assigned: 20100722
Reference: MLIST:[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more
Reference: URL: http://marc.info/?l=oss-security&m=128111955616772&w=2
Reference: CONFIRM: http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
Reference: CONFIRM: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375
Reference: CONFIRM: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
Reference: CONFIRM: https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
Reference: CONFIRM: https://savannah.nongnu.org/bugs/?30644
Reference: UBUNTU:USN-972-1
Reference: URL: http://www.ubuntu.com/usn/USN-972-1
Reference: BID:42285
Reference: URL: http://www.securityfocus.com/bid/42285
Reference: SECUNIA:40816
Reference: URL: http://secunia.com/advisories/40816
Reference: SECUNIA:40982
Reference: URL: http://secunia.com/advisories/40982
Reference: VUPEN:ADV-2010-2018
Reference: URL: http://www.vupen.com/english/advisories/2010/2018
Reference: VUPEN:ADV-2010-2106
Reference: URL: http://www.vupen.com/english/advisories/2010/2106

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Created attachment 449832
Public PoC
This issue did NOT affect the versions of the freetype package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

--

This issue affects the versions of the freetype package, as shipped with Fedora release of 12 and 13.

This issue did NOT affect the versions of the mingw32-freetype package, as shipped with Fedora release of 12 and 13 and as present within EPEL-5 repository.
Statement: Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Created freetype tracking bugs for this issue
Affects: fedora-all [bug 638522]
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2010:0864 https://rhn.redhat.com/errata/RHSA-2010-0864.html