Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mandriva Update for freetype2 MDVSA-2010:236 (freetype2)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of freetype2
Insight
Insight
Multiple vulnerabilities were discovered and corrected in freetype2: An error within the " Ins_SHZ()" function in src/truetype/ttinterp.c when handling the " SHZ" bytecode instruction can be exploited to cause a crash and potentially execute arbitrary code via a specially crafted font (CVE-2010-3814). An error exists in the " ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font (CVE-2010-3855). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149& products_id=490 The updated packages have been patched to correct these issues.
Affected Software
Affected Software
freetype2 on Mandriva Linux 2009.0, Mandriva Linux 2009.0/X86_64, Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64, Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64
Solution
Solution
Please Install the Updated Packages.