Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 625626 - (CVE-2010-2805) CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate certain position values
CVE-2010-2805 freetype: FT_Stream_EnterFrame() does not properly validate cer...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
public=20100804,reported=20100819,sou...
: Security
Depends On: 638522 638838 638839
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-19 20:29 EDT by Vincent Danen
Modified: 2015-11-24 09:34 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-02 14:46:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Public PoC (29.70 KB, application/x-troff-man)
2010-09-27 02:31 EDT, Huzaifa S. Sidhpurwala 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0864 normal SHIPPED_LIVE Important: freetype security update 2010-11-09 13:50:14 EST

  None (edit)
Description Vincent Danen 2010-08-19 20:29:44 EDT 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2805 to
the following vulnerability:

Name: CVE-2010-2805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2805
Assigned: 20100722
Reference: MLIST:[oss-security] 20100806 Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more
Reference: URL: http://marc.info/?l=oss-security&m=128111955616772&w=2
Reference: CONFIRM: http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
Reference: CONFIRM: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=45a3c76b547511fa9d97aca34b150a0663257375
Reference: CONFIRM: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
Reference: CONFIRM: https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
Reference: CONFIRM: https://savannah.nongnu.org/bugs/?30644
Reference: UBUNTU:USN-972-1
Reference: URL: http://www.ubuntu.com/usn/USN-972-1
Reference: BID:42285
Reference: URL: http://www.securityfocus.com/bid/42285
Reference: SECUNIA:40816
Reference: URL: http://secunia.com/advisories/40816
Reference: SECUNIA:40982
Reference: URL: http://secunia.com/advisories/40982
Reference: VUPEN:ADV-2010-2018
Reference: URL: http://www.vupen.com/english/advisories/2010/2018
Reference: VUPEN:ADV-2010-2106
Reference: URL: http://www.vupen.com/english/advisories/2010/2106

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file.
Comment 3 Huzaifa S. Sidhpurwala 2010-09-27 02:31:23 EDT 
Created attachment 449832 [details]
Public PoC
Comment 7 Jan Lieskovsky 2010-09-27 09:16:14 EDT 
This issue did NOT affect the versions of the freetype package, as shipped
with Red Hat Enterprise Linux 3, 4, or 5.

--

This issue affects the versions of the freetype package, as shipped
with Fedora release of 12 and 13.

This issue did NOT affect the versions of the mingw32-freetype package,
as shipped with Fedora release of 12 and 13 and as present within EPEL-5
repository.
Comment 9 Jan Lieskovsky 2010-09-27 13:16:33 EDT 
Statement:

Not vulnerable. This issue did not affect the versions of freetype as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
Comment 10 Huzaifa S. Sidhpurwala 2010-09-29 05:06:29 EDT 
Created freetype tracking bugs for this issue

Affects: fedora-all [bug 638522]
Comment 12 errata-xmlrpc 2010-11-10 13:58:13 EST 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2010:0864 https://rhn.redhat.com/errata/RHSA-2010-0864.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.