CVE Database

CVE-2007-2754

Impact: Moderate
Public: 2007-04-27
Bugzilla: 240200: CVE-2007-2754 freetype integer overflow

Details

The MITRE CVE dictionary describes this issue as:

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.

Find out more about CVE-2007-2754 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux version 2.1 (freetype) | RHSA-2007:0403 | June 11, 2007 |
| Red Hat Enterprise Linux version 2.1 (freetype) | RHSA-2009:1062 | May 22, 2009 |
| Red Hat Enterprise Linux version 3 (freetype) | RHSA-2007:0403 | June 11, 2007 |
| Red Hat Enterprise Linux version 3 (freetype) | RHSA-2009:0329 | May 22, 2009 |
| Red Hat Enterprise Linux version 4 (freetype) | RHSA-2007:0403 | June 11, 2007 |
| Red Hat Enterprise Linux version 4 (freetype) | RHSA-2009:0329 | May 22, 2009 |
| Red Hat Enterprise Linux version 5 (freetype) | RHSA-2007:0403 | June 11, 2007 |

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.