Bug 112769 - [patch] [security] print/freetype2 fix for heap overflow
Summary: [patch] [security] print/freetype2 fix for heap overflow
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-gnome (Nobody)
Depends on:
Reported: 2007-05-18 21:30 UTC by Nick Barkas
Modified: 2007-05-21 23:30 UTC (History)
1 user (show)

See Also:

patch-src_truetype_ttgload.c (920 bytes, text/plain)
2007-05-18 21:30 UTC, Nick Barkas
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Barkas 2007-05-18 21:30:03 UTC
See http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754

"Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier
might allow remote attackers to execute arbitrary code via a crafted TTF image
with a negative n_points value, which leads to an integer overflow and
heap-based buffer overflow."

This bug can allow remote code execution, so this should probably be added to
the VuXML. Maintainer has been CC'd.

Fix: The latest release of FreeType does not seem to include a fix for this, but this
patch should fix the problem. I put it in the port's files directory,
incremented portrevision, and portupgrade took care of updating the port for me.
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-05-18 21:30:15 UTC
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer
Comment 2 Joe Marcus Clarke freebsd_committer freebsd_triage 2007-05-21 23:24:23 UTC
State Changed
From-To: open->closed

Committed, thanks!
Comment 3 dfilter service freebsd_committer freebsd_triage 2007-05-21 23:24:24 UTC
marcus      2007-05-21 22:24:16 UTC

  FreeBSD ports repository

  Modified files:
    print/freetype2      Makefile 
  Added files:
    print/freetype2/files patch-src_truetype_ttgload.c 
  Fix the integer signedness error in freetype2 that is described in
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754 .
  PR:             112769
  Submitted by:   Nick Barkas <snb@threerings.net>
  Obtained from:  Freetype CVS
  Security:       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754
  Approved by:    portmgr (implicit)
  Revision  Changes    Path
  1.78      +1 -1      ports/print/freetype2/Makefile
  1.1       +32 -0     ports/print/freetype2/files/patch-src_truetype_ttgload.c (new)
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"