FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability

FreeType is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary within the context of the application using the FreeType library. Failed exploit attempts will result in a denial-of-service vulnerability.

NOTE: This issue may allow a local attacker using X.Org X server to gain elevated privileges on the affected computer.

FreeType 2.3.5 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus