[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2015:0696 -- centos 7 freetype

ID: oval:org.secpod.oval:def:204181Date: (C)2017-04-04   (M)2022-10-10
Class: PATCHFamily: unix




FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. Multiple integer overflow flaws and an integer signedness flaw, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Multiple flaws were found in the way FreeType handled fonts in various formats. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, possibly, disclose a portion of the application memory. All freetype users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted for this update to take effect.

Platform:
CentOS 7
Product:
freetype
Reference:
CESA-2015:0696
CVE-2014-9657
CVE-2014-9658
CVE-2014-9660
CVE-2014-9661
CVE-2014-9663
CVE-2014-9664
CVE-2014-9667
CVE-2014-9669
CVE-2014-9670
CVE-2014-9671
CVE-2014-9673
CVE-2014-9674
CVE-2014-9675
CVE    13
CVE-2014-9658
CVE-2014-9669
CVE-2014-9657
CVE-2014-9664
...
CPE    3
cpe:/o:centos:centos:7
cpe:/a:freetype:freetype
cpe:/a:freetype:freetype:2.5.3

© SecPod Technologies