FreeType: Multiple vulnerabilities — GLSA 201201-09

Multiple vulnerabilities have been found in FreeType, allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service.

Affected packages

Background

FreeType is a high-quality and portable font engine.

Description

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
 

References

• CVE-2010-1797
• CVE-2010-2497
• CVE-2010-2498
• CVE-2010-2499
• CVE-2010-2500
• CVE-2010-2519
• CVE-2010-2520
• CVE-2010-2527
• CVE-2010-2541
• CVE-2010-2805
• CVE-2010-2806
• CVE-2010-2807
• CVE-2010-2808
• CVE-2010-3053
• CVE-2010-3054
• CVE-2010-3311
• CVE-2010-3814
• CVE-2010-3855
• CVE-2011-0226
• CVE-2011-3256
• CVE-2011-3439

Release date
January 23, 2012

Latest revision
January 23, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 332701
• 342121
• 345843
• 377143
• 387535
• 390623