SUSE-SA:2006:037: freetype2, freetype2-devel

High Nessus Plugin ID 24417


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2006:037 (freetype2, freetype2-devel).

The freetype2 library renders TrueType fonts for open source projects.
More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system.

The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data.


Plugin Details

Severity: High

ID: 24417

File Name: suse_SA_2006_037.nasl

Version: $Revision: 1.5 $

Agent: unix

Published: 2007/02/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list