CVE-2007-2754
CVE-2007-2754
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.aschttp://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.htmlhttp://osvdb.org/36509https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200https://bugzilla.redhat.com/show_bug.cgi?id=502565http://secunia.com/advisories/25350http://secunia.com/advisories/25353http://secunia.com/advisories/25386http://secunia.com/advisories/25463