Vulnerability Name: CVE-2007-2754 (CCN-34431)

Assigned: 2007-04-27
Published: 2007-04-27
Updated: 2023-02-13
Summary: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
  5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
  3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): High
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-190
Vulnerability Consequences: Gain Access
References:

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2007-2754

Source: MITRE
Type: CNA
CVE-2007-3408

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: Apple Web site
About the security content of Safari 3 Beta Update 3.0.4

Source: CCN
Type: Freetype Web site
The Freetype Project

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ft-devel Mailing List, Fri, 27 Apr 2007 17:03:02 +0200
Bug in fuzzed TTF file

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: CCN
Type: RHSA-2007-0403
Moderate: freetype security update

Source: CCN
Type: RHSA-2009-0329
Important: freetype security update

Source: CCN
Type: RHSA-2009-1062
Important: freetype security update

Source: CCN
Type: SA25350
FreeType TTF Font Parsing Vulnerability

Source: CCN
Type: SA25705
Sun StarOffice Office Suite RTF File and FreeType Font Parsing Vulnerabilities

Source: CCN
Type: SA25810
Dia FreeType Font Parsing Vulnerabilities

Source: CCN
Type: SA26305
Avaya Products FreeType TTF Font Parsing Vulnerability

Source: CCN
Type: SA28298
Sun Solaris FreeType TTF Font Parsing Vulnerability

Source: CCN
Type: SA30161
Gentoo ltsp Multiple Vulnerabilities

Source: CCN
Type: SA35074
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1018088
FreeType Integer Overflow in TT_Load_Simple_Glyph() Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: SourceForge.net: Files
dia Win32 Installer - File Release Notes and Changelog - Release Name: 0.96.1-6

Source: CCN
Type: Sun Alert ID: 102967
Integer Overflow and Heap-Based Buffer Overflow Vulnerability in 3rd Party Module (Freetype)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Sun Alert ID: 103171
Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2007-273
Integer Overflow and Heap-Based Buffer Overflow Vulnerability in 3rd Party Module (Freetype) (Sun 102967)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: ASA-2007-330
FreeType security update (RHSA-2007-0403)

Source: CCN
Type: ASA-2008-029
Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow (Sun 103171)

Source: CCN
Type: ASA-2009-226
freetype security update (RHSA-2009-0329)

Source: CCN
Type: ASA-2009-243
freetype security update (RHSA-2009-1062)

Source: CCN
Type: Nortel Technical Support Security Advisory Bulletin 2008008603, Rev 1
Nortel response to Sun Solaris Vulnerability in FreeType 2 Font Engine

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-1302
freetype -- integer overflow

Source: DEBIAN
Type: DSA-1334
freetype -- integer overflow

Source: CCN
Type: GLSA-200705-22
FreeType: Buffer overflow

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: GLSA-200707-02
OpenOffice.org: Two buffer overflows

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: GLSA-200805-07
Linux Terminal Server Project: Multiple vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: GLSA-201006-01
FreeType 1: User-assisted execution of arbitrary code

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OpenPKG-SA-2007.018
FreeType

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 36509
FreeType truetype/ttgload.c TTF Image Handling Overflow

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-24074
FreeType TT_Load_Simple_Glyph() TTF File Integer Overflow Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: USN-466-1
freetype vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: US Government Resource
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 240200
CVE-2007-2754 freetype integer overflow

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
freetype-ttgload-bo(34431)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SA:2007:041
freetype2 security problem

Vulnerable Configuration:
Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*
Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
--- | --- | --- | ---
oval:org.opensuse.security:def:20072754 | V | CVE-2007-2754 | 2015-11-16
oval:org.mitre.oval:def:18574 | P | DSA-1302-1 freetype - integer overflow | 2014-06-23
oval:org.mitre.oval:def:21823 | P | ELSA-2007:0403: freetype security update (Moderate) | 2014-05-26
oval:org.mitre.oval:def:11325 | V | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | 2013-04-29
oval:com.redhat.rhsa:def:20090329 | P | RHSA-2009:0329: freetype security update (Important) | 2009-05-22
oval:org.mitre.oval:def:5532 | V | Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow | 2008-02-25
oval:com.redhat.rhsa:def:20070403 | P | RHSA-2007:0403: freetype security update (Moderate) | 2007-06-11
oval:org.debian:def:1302 | V | integer overflow | 2007-06-10