Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Software | From | Fixed in |
---|---|---|
debian / debian_linux | 5.0 | 5.0.x |
apple / mac_os_x | - | 10.6.5 |
canonical / ubuntu_linux | 10.04 | 10.04.x |
canonical / ubuntu_linux | 6.06 | 6.06.x |
canonical / ubuntu_linux | 8.04 | 8.04.x |
canonical / ubuntu_linux | 9.04 | 9.04.x |
canonical / ubuntu_linux | 9.10 | 9.10.x |
freetype / freetype | - | 2.4.0 |