A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library FreeType, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.
Primary Package Name: freetype
Primary Package Home: http://openpkg.org/go/package/freetype
Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Enterprise       E1.0-SOLID         freetype-2.2.1-E1.0.1
OpenPKG Community        CURRENT            freetype-2.3.4-20070524
For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document.
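The bug class named in the advisory (a signed count such as "n_points" that is checked only against an upper bound), shown beside a hardened check. This is an added sketch, not FreeType or OpenPKG code; MAX_POINTS, POINT_SIZE and both function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_POINTS 4096   /* assumed limit for this sketch */
#define POINT_SIZE 8u     /* assumed bytes stored per point */

/* Weak form: only the upper bound is checked, so a negative count passes.
 * Returns 1 if accepted and stores the byte count the caller would use. */
static int weak_points_size(int n_points, size_t *bytes)
{
    if (n_points > MAX_POINTS)
        return 0;
    /* A negative int converts to a huge size_t and the product wraps. */
    *bytes = (size_t)n_points * POINT_SIZE;
    return 1;
}

/* Hardened form: reject negative counts before any unsigned conversion,
 * then make sure the multiplication cannot wrap. */
static int checked_points_size(int n_points, size_t *bytes)
{
    if (n_points < 0 || n_points > MAX_POINTS)
        return 0;
    if ((size_t)n_points > SIZE_MAX / POINT_SIZE)
        return 0;
    *bytes = (size_t)n_points * POINT_SIZE;
    return 1;
}

int main(void)
{
    const int samples[] = { 4, -1, 5000 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t w = 0, c = 0;
        int wa = weak_points_size(samples[i], &w);
        int ca = checked_points_size(samples[i], &c);
        printf("n_points=%d weak=%s(%zu) checked=%s(%zu)\n", samples[i],
               wa ? "accept" : "reject", w, ca ? "accept" : "reject", c);
    }
    return 0;
}
```

The weak check accepts -1 and yields a wrapped byte count that no longer matches the number of points later code would process; the hardened check rejects it before any size is computed.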