DSA-1454 freetype -- integer overflowID: oval:org.mitre.oval:def:8204 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font. For the old stable distribution (sarge) this problem will be fixed soon. For the stable distribution (etch), this problem has been fixed in version 2.2.1-5+etch2. For the unstable distribution (sid), this problem has been fixed in version 2.3.5-1. We recommend that you upgrade your freetype packages.