Robert Swiecki reported an integer overflow flaw in freetype with how it handles glyphs. This could cause applications linked against freetype to crash or, possibly, lead to the execution of arbitrary code if an attacker were able to get a victim to load a malicious font file.

The affected code is not present in Red Hat Enterprise Linux 5 (freetype 2.2.1).

This issue has been given the name CVE-2010-2497.

Upstream bug reports:
http://savannah.nongnu.org/bugs/index.php?30082
http://savannah.nongnu.org/bugs/index.php?30083

Upstream commit that fixes the issue:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc

Statement:
Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5.

Created freetype tracking bugs for this issue

Affects: fedora-all [bug 613299]

Upstream has released 2.4.0 to correct this issue: http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html