Mandriva Update For Freetype2 MDKSA-2007:121 (freetype2) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

An integer overflow vulnerability was discovered in the way the FreeType font engine processed TTF files. If a user were to load a special font file with a program linked against freetype, it could cause the application to crash or possibly execute arbitrary code as the user running the program. The updated packages have been patched to prevent this issue.

Affected

freetype2 on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64

Severity

Classification

CVE CVE-2007-2754
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:068-1 (poppler)
Mandrake Security Advisory MDVSA-2009:124 (apache)
Mandrake Security Advisory MDVSA-2009:201 (fetchmail)
Mandrake Security Advisory MDVSA-2009:047 (vim)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)

Mandriva Update for freetype2 MDKSA-2007:121 (freetype2)

Take action and discover your vulnerabilities