Synopsis: Moderate: freetype security update Issue date: 2007-06-11 CVE Names: CVE-2007-2754 An integer overflow flaw was found in the way the FreeType font engine processed TTF font files. If a user loaded a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code. While it is uncommon for a user to explicitly load a font file, there are several application file formats which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754) SL 3.0.x SRPMS: freetype-2.1.4-7.el3.src.rpm i386: freetype-2.1.4-7.el3.i386.rpm freetype-demos-2.1.4-7.el3.i386.rpm freetype-devel-2.1.4-7.el3.i386.rpm freetype-utils-2.1.4-7.el3.i386.rpm x86_64: freetype-2.1.4-7.el3.i386.rpm freetype-2.1.4-7.el3.x86_64.rpm freetype-demos-2.1.4-7.el3.x86_64.rpm freetype-devel-2.1.4-7.el3.x86_64.rpm freetype-utils-2.1.4-7.el3.x86_64.rpm SL 4.x SRPMS: freetype-2.1.9-6.el4.src.rpm i386: freetype-2.1.9-6.el4.i386.rpm freetype-demos-2.1.9-6.el4.i386.rpm freetype-devel-2.1.9-6.el4.i386.rpm freetype-utils-2.1.9-6.el4.i386.rpm x86_64: freetype-2.1.9-6.el4.i386.rpm freetype-2.1.9-6.el4.x86_64.rpm freetype-demos-2.1.9-6.el4.x86_64.rpm freetype-devel-2.1.9-6.el4.x86_64.rpm freetype-utils-2.1.9-6.el4.x86_64.rpm SL 5.x SRPMS: freetype-2.2.1-19.el5.src.rpm i386: freetype-2.2.1-19.el5.i386.rpm freetype-demos-2.2.1-19.el5.i386.rpm freetype-devel-2.2.1-19.el5.i386.rpm x86_64: freetype-2.2.1-19.el5.i386.rpm freetype-2.2.1-19.el5.x86_64.rpm freetype-demos-2.2.1-19.el5.x86_64.rpm freetype-devel-2.2.1-19.el5.i386.rpm freetype-devel-2.2.1-19.el5.x86_64.rpm -Connie Sieh -Troy Dawson