FreeBSD Bugzilla – Attachment 88159 Details for Bug 124917: [patch] security/vuxml add vulnerabilities for freetype2 < 2.3.6
vuxml.patch (text/plain), 2.43 KB, created by Nick Barkas on 2008-06-24 02:10:01 UTC
>--- vuln.xml.orig 2008-06-22 14:08:08.000000000 -0700 >+++ vuln.xml 2008-06-23 18:02:59.000000000 -0700 
>@@ -34,6 +34,58 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="8ae3e5bb-4186-11dd-8a7c-00304835b4b2"> >+ <topic>FreeType 2 -- Multiple Vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>freetype2</name> >+ <range><lt>2.3.6</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <blockquote cite="http://secunia.com/advisories/30600"> >+ <ul> >+ <li>An integer overflow error exists in the processing of PFB font >+ files. This can be exploited to cause a heap-based buffer overflow >+ via a PFB file containing a specially crafted "Private" dictionary >+ table.</li> >+ <li>An error in the processing of PFB font files can be exploited to >+ trigger the "free()" of memory areas that are not allocated on the >+ heap.</li> >+ <li>An off-by-one error exists in the processing of PFB font files. >+ This can be exploited to cause a one-byte heap-based buffer >+ overflow via a specially crafted PFB file.</li> >+ <li>An off-by-one error exists in the implementation of the "SHC" >+ instruction while processing TTF files. 
This can be exploited to >+ cause a one-byte heap-based buffer overflow via a specially >+ crafted TTF file.</li> >+ </ul> >+ <p>Successful exploitation of the vulnerabilities may allow execution >+ of arbitrary code.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <bid>29637</bid> >+ <bid>29639</bid> >+ <bid>29640</bid> >+ <bid>29641</bid> >+ <cvename>CVE-2008-1806</cvename> >+ <cvename>CVE-2008-1807</cvename> >+ <cvename>CVE-2008-1808</cvename> >+ <url>http://secunia.com/advisories/30600</url> >+ <url>http://sourceforge.net/project/shownotes.php?release_id=605780</url> >+ <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715</url> >+ <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716</url> >+ <url>http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717</url> >+ </references> >+ <dates> >+ <discovery>2008-06-10</discovery> >+ <entry>2008-06-23</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849"> > <topic>php -- input validation error in posix_access function</topic> > <affects>
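Review bot: The `<topic>` of the new entry, "FreeType 2 -- Multiple Vulnerabilities", does not match the style of the neighbouring entry visible in the trailing context ("php -- input validation error in posix_access function"), which leads with the package name in lower case and keeps the summary in lower case. Suggest `<topic>freetype2 -- multiple vulnerabilities</topic>` so the topic also agrees with `<name>freetype2</name>` in `<affects>`. Separately, in `<references>` the description lists four issues and four `<bid>` entries but only three `<cvename>` entries; please confirm that one CVE covers two of the listed issues rather than an identifier having been dropped.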