• info
• discussion
• exploit
• solution
• references

FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities

Solution:
Updates are available. Please see the references for more information.


Ubuntu Ubuntu Linux 9.10 powerpc

• Ubuntu freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9 -5ubuntu0.2_powerpc.deb


• Ubuntu libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5u buntu0.2_powerpc.deb


• Ubuntu libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5 ubuntu0.2_powerpc.udeb


• Ubuntu libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubunt u0.2_powerpc.deb

Debian Linux 5.0 alpha

• Debian freetype2-demos_2.3.7-2+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demo s_2.3.7-2+lenny3_alpha.deb


• Debian libfreetype6-dev_2.3.7-2+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-d ev_2.3.7-2+lenny3_alpha.deb


• Debian libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-u deb_2.3.7-2+lenny3_alpha.udeb


• Debian libfreetype6_2.3.7-2+lenny3_alpha.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2 .3.7-2+lenny3_alpha.deb

Mandriva Linux Mandrake 2008.0

• Mandriva libfreetype6-2.3.5-2.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-devel-2.3.5-2.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-static-devel-2.3.5-2.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Ubuntu Ubuntu Linux 9.10 lpia

• Ubuntu freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9 -5ubuntu0.2_lpia.deb


• Ubuntu libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5u buntu0.2_lpia.deb


• Ubuntu libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5 ubuntu0.2_lpia.udeb


• Ubuntu libfreetype6_2.3.9-5ubuntu0.2_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubunt u0.2_lpia.deb

Ubuntu Ubuntu Linux 9.04 sparc

• Ubuntu freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9 -4ubuntu0.3_sparc.deb


• Ubuntu libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4u buntu0.3_sparc.deb


• Ubuntu libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4 ubuntu0.3_sparc.udeb


• Ubuntu libfreetype6_2.3.9-4ubuntu0.3_sparc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubunt u0.3_sparc.deb

Ubuntu Ubuntu Linux 10.04 powerpc

• Ubuntu freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.1 1-1ubuntu2.2_powerpc.deb


• Ubuntu libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1 ubuntu2.2_powerpc.deb


• Ubuntu libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11- 1ubuntu2.2_powerpc.udeb


• Ubuntu libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubun tu2.2_powerpc.deb

Ubuntu Ubuntu Linux 9.04 lpia

• Ubuntu freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9 -4ubuntu0.3_lpia.deb


• Ubuntu libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4u buntu0.3_lpia.deb


• Ubuntu libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4 ubuntu0.3_lpia.udeb


• Ubuntu libfreetype6_2.3.9-4ubuntu0.3_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubunt u0.3_lpia.deb

Debian Linux 5.0 armel

• Debian freetype2-demos_2.3.7-2+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demo s_2.3.7-2+lenny3_armel.deb


• Debian libfreetype6-dev_2.3.7-2+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-d ev_2.3.7-2+lenny3_armel.deb


• Debian libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-u deb_2.3.7-2+lenny3_armel.udeb


• Debian libfreetype6_2.3.7-2+lenny3_armel.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2 .3.7-2+lenny3_armel.deb

Ubuntu Ubuntu Linux 9.10 amd64

• Ubuntu freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-d emos_2.3.9-5ubuntu0.2_amd64.deb


• Ubuntu libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-de v_2.3.9-5ubuntu0.2_amd64.deb


• Ubuntu libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-ud eb_2.3.9-5ubuntu0.2_amd64.udeb


• Ubuntu libfreetype6_2.3.9-5ubuntu0.2_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2. 3.9-5ubuntu0.2_amd64.deb

Apple Mac OS X 10.6

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva lib64freetype6-2.3.7-1.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64freetype6-devel-2.3.7-1.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64freetype6-static-devel-2.3.7-1.4mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 mips

• Debian freetype2-demos_2.3.7-2+lenny3_mips.deb
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demo s_2.3.7-2+lenny3_mips.deb


• Debian libfreetype6-dev_2.3.7-2+lenny3_mips.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-d ev_2.3.7-2+lenny3_mips.deb


• Debian libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-u deb_2.3.7-2+lenny3_mips.udeb


• Debian libfreetype6_2.3.7-2+lenny3_mips.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2 .3.7-2+lenny3_mips.deb

Ubuntu Ubuntu Linux 9.04 amd64

• Ubuntu freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-d emos_2.3.9-4ubuntu0.3_amd64.deb


• Ubuntu libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-de v_2.3.9-4ubuntu0.3_amd64.deb


• Ubuntu libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-ud eb_2.3.9-4ubuntu0.3_amd64.udeb


• Ubuntu libfreetype6_2.3.9-4ubuntu0.3_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2. 3.9-4ubuntu0.3_amd64.deb

Debian Linux 5.0 sparc

• Debian freetype2-demos_2.3.7-2+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demo s_2.3.7-2+lenny3_sparc.deb


• Debian libfreetype6-dev_2.3.7-2+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-d ev_2.3.7-2+lenny3_sparc.deb


• Debian libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-u deb_2.3.7-2+lenny3_sparc.udeb


• Debian libfreetype6_2.3.7-2+lenny3_sparc.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2 .3.7-2+lenny3_sparc.deb

Mandriva Linux Mandrake 2009.1 x86_64

• Mandriva lib64freetype6-2.3.9-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64freetype6-devel-2.3.9-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64freetype6-static-devel-2.3.9-1.5mdv2009.1.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Enterprise Server 5

• Mandriva libfreetype6-2.3.7-1.4mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-devel-2.3.7-1.4mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-static-devel-2.3.7-1.4mdvmes5.1.i586.rpm
  http://www.mandriva.com/en/download/

Debian Linux 5.0 s/390

• Debian freetype2-demos_2.3.7-2+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/f/freetype/freetype2-demo s_2.3.7-2+lenny3_s390.deb


• Debian libfreetype6-dev_2.3.7-2+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-d ev_2.3.7-2+lenny3_s390.deb


• Debian libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-u deb_2.3.7-2+lenny3_s390.udeb


• Debian libfreetype6_2.3.7-2+lenny3_s390.deb
  http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2 .3.7-2+lenny3_s390.deb

Ubuntu Ubuntu Linux 8.04 LTS lpia

• Ubuntu freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb
  http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5 -1ubuntu4.8.04.4_lpia.deb


• Ubuntu libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1u buntu4.8.04.4_lpia.deb


• Ubuntu libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb
  http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3 .5-1ubuntu4.8.04.4_lpia.udeb


• Ubuntu libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb
  http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubunt u4.8.04.4_lpia.deb

Ubuntu Ubuntu Linux 6.06 LTS i386

• Ubuntu freetype2-demos_2.1.10-1ubuntu2.8_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-d emos_2.1.10-1ubuntu2.8_i386.deb


• Ubuntu libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-de v_2.1.10-1ubuntu2.8_i386.deb


• Ubuntu libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb
  http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype 6-udeb_2.1.10-1ubuntu2.8_i386.udeb


• Ubuntu libfreetype6_2.1.10-1ubuntu2.8_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2. 1.10-1ubuntu2.8_i386.deb

Mandriva Linux Mandrake 2009.0

• Mandriva libfreetype6-2.3.7-1.4mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-devel-2.3.7-1.4mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libfreetype6-static-devel-2.3.7-1.4mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.6.1

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.3

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/