FreeType: Multiple integer overflows Multiple remotely exploitable buffer overflows have been discovered in FreeType, resulting in the execution of arbitrary code. FreeType 2006-07-09 2006-09-03 124828 remote 2.1.10-r2 2.0 2.1.10-r2

FreeType is a portable font engine.

Multiple integer overflows exist in a variety of files (bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c).

A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which could result in the execution of arbitrary code.

There is no known workaround at this time.

All FreeType users should upgrade to the latest stable version:

# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.1.10-r2" CVE-2006-1861 falco hlieberman falco