Issue 77734 - freetype security bug (CVE-2007-2754)
Summary: freetype security bug (CVE-2007-2754)
Alias: None
Product: utilities
Classification: Unclassified
Component: code
Version: OOo 2.2.1 RC2
Hardware: All All
Importance: P1 (highest) Trivial
Target Milestone: OOo 2.2.1
Assignee: eric.savary
QA Contact: Unknown
Keywords: security
Depends on:
Reported: 2007-05-23 21:00 UTC by rene
Modified: 2007-06-26 14:25 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description rene 2007-05-23 21:00:26 UTC
bm saw it initially and mentioned it in already (but adfais
didn't file an issue) and I just saw this upload to Debian unstable.

 freetype (2.2.1-6) unstable; urgency=high
   * High-urgency upload for security fix.
   * Remove spurious patch file from the package diff, sigh.
   * Add debian/patches-freetype/CVE-2007-2754_ttgfload to address
     CVE-2007-2754, a bug allowing execution of arbitrary code via a crafted
     TTF image by way of an integer overflow.  Closes: #425625.

see which also contains the url to the patch:

We have 2.2.1 in our tree...

I guess we should fix that for OOo 2.2.1...
Comment 1 rene 2007-05-23 21:03:56 UTC
target 2.2.1
Comment 2 Mechtilde 2007-05-23 21:13:24 UTC
set keyword
Comment 3 rene 2007-05-24 09:45:01 UTC
Hmm. I don't see ttg*.* compiled...
Comment 4 rene 2007-05-24 09:46:04 UTC
fixed anyway (cws freetypettg)
Comment 5 rene 2007-05-24 10:19:58 UTC
ah. no. we *are* affected. freetype does nasty things like this:

$ grep ttgl *
Jamfile:    _sources = ttdriver ttobjs ttpload ttgload ttinterp ttgxvar ;              $(TT_DIR)/ttgload.c  \
truetype.c:#include "ttgload.c"    /* glyph loader        */

note the .c
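
The check that comment 5 does by hand with grep can be automated: look for source files that reach the build through `#include "x.c"` in another translation unit rather than as an object of their own. This is an added example, not code from this issue, from freetype or from OOo; the sample file contents and the `amalgam.c` wrapper are constructed, and only the `truetype.c` include of `ttgload.c` is taken from the page.

```python
import re
import tempfile
from pathlib import Path

# Matches #include "something.c" at the start of a line (includes commented
# out with a leading // or /* do not match).
INCLUDE_C = re.compile(r'^[ \t]*#[ \t]*include[ \t]*"([^"]+\.c)"', re.MULTILINE)

def carriers_of(src_dir, target):
    """Return .c files that pull `target` in via #include, directly or transitively."""
    includes = {
        p.name: {Path(inc).name for inc in INCLUDE_C.findall(p.read_text(errors="replace"))}
        for p in Path(src_dir).glob("*.c")
    }
    found, changed = set(), True
    while changed:  # iterate to a fixed point over the include graph
        changed = False
        for name, incs in includes.items():
            if name not in found and (target in incs or incs & found):
                found.add(name)
                changed = True
    return sorted(found)

def compiled_with(compiled_units, src_dir, target):
    """Return the compiled units whose object code contains `target`'s code."""
    carriers = set(carriers_of(src_dir, target)) | {target}
    return sorted(carriers & set(compiled_units))

def demo():
    # Constructed sample tree; amalgam.c is a hypothetical second-level wrapper.
    files = {
        "ttgload.c": "/* glyph loader */\nint load_glyph(void) { return 0; }\n",
        "ttdriver.c": "/* driver */\n",
        "truetype.c": '#include "ttdriver.c"\n#include "ttgload.c"    /* glyph loader */\n',
        "amalgam.c": '  #  include "truetype.c"\n// #include "unused.c"\n',
        "sfnt.c": "/* unrelated */\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            Path(d, name).write_text(text)
        # The build compiles only these units; no ttg* object exists.
        built = ["truetype.c", "sfnt.c"]
        return carriers_of(d, "ttgload.c"), compiled_with(built, d, "ttgload.c")

if __name__ == "__main__":
    print(demo())
```

An empty result from `compiled_with` is the only case where a missing `ttg*` object means the affected code is not in the build.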
Comment 6 rene 2007-05-24 10:20:18 UTC
Comment 7 Martin Hollmichel 2007-05-24 12:28:12 UTC
reassign for verification
Comment 8 eric.savary 2007-05-28 16:26:45 UTC
VERIFIED in CWS freetypettg.
Comment 9 Mechtilde 2007-06-26 14:25:57 UTC
verified in 2.2.1 -> closed