oss-sec mailing list archives
Re: Multiple bugs in freetype
From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Jul 2010 13:45:31 -0400 (EDT)
I'm also adding a CVE id for the buffer overflows in the freetype demo programs:

CVE-2010-2527
http://savannah.nongnu.org/bugs/index.php?30054

The fix is here:
http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec

Thanks.

--
    JB

----- "Robert Święcki" <robert () swiecki net> wrote:
FYI I've reported recently multiple problems in freetype (around ~20), most of them are NULL-ptr derefs, stack exhaustion and div by zero issues, but the rest might be interesting. RedHat was kind enough to assign CVE numbers to some of them. vendor-sec members tend to treat them as public issues, so reposting here:

CVE-2010-2497 freetype integer underflow #30082 #30083
CVE-2010-2498 freetype invalid free #30106
CVE-2010-2499 freetype buffer overflow #30248 #30249
CVE-2010-2500 freetype integer overflow #30263
CVE-2010-2519 freetype heap buffer overflow #30306
CVE-2010-2520 freetype buffer overflow on heap #30361

I wasn't trying to make weaponized exploits, although some of those issues are clearly exploitable.

The full list:
http://savannah.nongnu.org/bugs/index.php?group=freetype&func=browse&set=custom&report_id=101&submitted_by=78858

--
Robert Swiecki - http://www.swiecki.net
Current thread:
- Multiple bugs in freetype Robert Święcki (Jul 13)
- Re: Multiple bugs in freetype Pierre Joye (Jul 14)
- Re: Multiple bugs in freetype Josh Bressers (Jul 14)