freetype-2.2.1-28.0.1.AXS3
エラータID: AXSA:2010-460:03
The FreeType engine is a free and portable TrueType font rendering engine, developed to provide TrueType support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a font server or a complete text-rendering library.
Security issues fixed with this release:
CVE-2010-2806
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
CVE-2010-2808
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
CVE-2010-3311
No information available at the time of writing, see the CVE link below.
Update packages.
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
N/A
SRPMS
- freetype-2.2.1-28.0.1.AXS3.src.rpm
MD5: de7c1956be9eb13209f6d0975effd30e
SHA-256: 0c178817d32a5b332b7e262e7016d8580203cbad316303fd6488b2cf95541c92
Size: 1.43 MB
Asianux Server 3 for x86
- freetype-2.2.1-28.0.1.AXS3.i386.rpm
MD5: a0f91c0251ff336f055362ae035e6ab4
SHA-256: 6955649bf213be0e5c7d3acb2837e2a26b368635ac9cde6a2da6399a824a4757
Size: 604.08 kB - freetype-demos-2.2.1-28.0.1.AXS3.i386.rpm
MD5: 98106a0420005e826e81758eca27bf9c
SHA-256: c49a3a8537a6e3e0fabfb7563f19dcdf1379e97a023fa0bff9f7a078e2406ff8
Size: 154.70 kB - freetype-devel-2.2.1-28.0.1.AXS3.i386.rpm
MD5: 64d351c0eefab708bcf803dfaf607393
SHA-256: 6310dfbcd7257ec0af43148c03c72f7859b3520d8abf16808953d695c677b1bc
Size: 149.57 kB
Asianux Server 3 for x86_64
- freetype-2.2.1-28.0.1.AXS3.x86_64.rpm
MD5: dc702c8e62c68e4ce022699c12ef173e
SHA-256: 925ade5d6b499a7bb0921c8c3041234190652aab848ed950ab0b4cb0f2d870f0
Size: 601.92 kB - freetype-demos-2.2.1-28.0.1.AXS3.x86_64.rpm
MD5: 3244e6626980faab7e01d94b8fb5016b
SHA-256: 4db11e55a2ad38f65107c6abe1dd1627782c78cb51c7d0595417ebcc6908fab1
Size: 162.74 kB - freetype-devel-2.2.1-28.0.1.AXS3.x86_64.rpm
MD5: d6e0061bb260c411378d8b9bba6ba4a8
SHA-256: 80c3cd075d3130a79a5d3912be3791ca54561d6b965d1f2b58d372bee91b6a97
Size: 149.56 kB
日本語