This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200905-05
(FreeType: Multiple vulnerabilities)
Tavis Ormandy reported multiple integer overflows in the
cff_charset_compute_cids() function in cff/cffload.c, sfnt/tccmap.c and
the ft_smooth_render_generic() function in smooth/ftsmooth.c, possibly
leading to heap or stack-based buffer overflows.
A remote attacker could entice a user or automated system to open a
specially crafted font file, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.
There is no known workaround at this time.
See also :
All FreeType users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/freetype-2.3.9-r1'
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 38886 (gentoo_GLSA-200905-05.nasl)
CVE ID: CVE-2009-0946