FreeType TTF File Remote Denial of Service Vulnerability
BID:18329
CVE-2006-2661 |Info
FreeType TTF File Remote Denial of Service Vulnerability
| Bugtraq ID: | 18329 |
| Class: | Design Error |
| CVE: |
CVE-2006-2661 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 08 2006 12:00AM |
| Updated: | Feb 01 2007 03:49AM |
| Credit: | Josh Bressers discovered this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE Linux Enterprise Server 9 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10.0_x86 Sun Solaris 10.0 SGI ProPack 3.0 SP6 S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 OpenPKG OpenPKG 2.5 OpenPKG OpenPKG 2.0 OpenPKG OpenPKG Current Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 FreeType FreeType 2.2 FreeType FreeType 0 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX |
| Not Vulnerable: |
FreeType FreeType 2.2.1 |
Discussion
FreeType TTF File Remote Denial of Service Vulnerability
FreeType is prone to a denial-of-service vulnerability. This issue is due to a flaw in the library that causes a NULL-pointer dereference.
This issue allows remote attackers to crash applications that use the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FreeType is prone to a denial-of-service vulnerability. This issue is due to a flaw in the library that causes a NULL-pointer dereference.
This issue allows remote attackers to crash applications that use the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
Exploit / POC
FreeType TTF File Remote Denial of Service Vulnerability
The following exploit demonstrates this issue by instigating a crash in the affected library:
The following exploit demonstrates this issue by instigating a crash in the affected library:
Solution / Fix
FreeType TTF File Remote Denial of Service Vulnerability
Solution:
The vendor has released version 2.2.1 of FreeType to address this issue.
Please see the referenced vendor advisories for information on obtaining and applying fixes.
Sun Solaris 10.0
FreeType FreeType 2.2
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
FreeType FreeType 0
Sun Solaris 9
Sun Solaris 9_x86
Sun Solaris 8_x86
Solution:
The vendor has released version 2.2.1 of FreeType to address this issue.
Please see the referenced vendor advisories for information on obtaining and applying fixes.
Sun Solaris 10.0
-
Sun 119812-02
http://sunsolve.sun.com/
FreeType FreeType 2.2
-
FreeType freetype-2.2.1.tar.bz2
http://prdownloads.sourceforge.net/freetype/freetype-2.2.1.tar.bz2?dow nload
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
-
Sun 119813-02
http://sunsolve.sun.com/
FreeType FreeType 0
-
FreeType freetype-2.2.1.tar.bz2
http://prdownloads.sourceforge.net/freetype/freetype-2.2.1.tar.bz2?dow nload
Sun Solaris 9
-
Sun 116105-06
http://sunsolve.sun.com/
Sun Solaris 9_x86
-
Sun 116106-06
http://sunsolve.sun.com/
Sun Solaris 8_x86
References
FreeType TTF File Remote Denial of Service Vulnerability
References:
References:
- ASA-2006-176 - freetype security update (RHSA-2006-0500) (Avaya)
- Bugzilla Bug 183676 �?? CVE-2006-0747 Freetype integer underflow (CVE-2006-2661) (Red Hat)
- FreeType Homepage (FreeType)
- Release Name: 2.2.1 (FreeType)
- RHSA-2006:0500-10 - freetype security update (RedHat)
- rPSA-2006-0100-1 freetype (rPath)
- Sun Alert ID: 102705 - Security Vulnerabilities (Integer Overflows and a Denial (Sun)