Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in freetype2 :

The FT_Stream_EnterFrame function in base/ftstream.c in FreeType
before 2.4.2 does not properly validate certain position values, which
allows remote attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted font file
(CVE-2010-2805).

Array index error in the t42_parse_sfnts function in type42/t42parse.c
in FreeType before 2.4.2 allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
negative size values for certain strings in FontType42 font files,
leading to a heap-based buffer overflow (CVE-2010-2806).

FreeType before 2.4.2 uses incorrect integer data types during bounds
checking, which allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
font file (CVE-2010-2807).

Buffer overflow in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font
File (aka LWFN) font (CVE-2010-2808).

bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause
a denial of service (application crash) via a crafted BDF font file,
related to an attempted modification of a value in a static string
(CVE-2010-3053).

Unspecified vulnerability in FreeType 2.3.9, and other versions before
2.4.2, allows remote attackers to cause a denial of service via
vectors involving nested Standard Encoding Accented Character (aka
seac) calls, related to psaux.h, cffgload.c, cffgload.h, and
t1decode.c (CVE-2010-3054).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 48402 (mandriva_MDVSA-2010-156.nasl)

Bugtraq ID: 42285

CVE ID: CVE-2010-2805
CVE-2010-2806
CVE-2010-2807
CVE-2010-3053
CVE-2010-3054

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now