Bug 13976

Summary: [CVE 21] freetype 1.3.1 CVEs CVE-2006-2661 CVE-2006-0747 EXPLOIT https://www.exploit-db.com/download/27993 found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED
QA Contact: ROSA Linux Bugs <bugs>
Severity: blocker
Priority: Highest
CC: y.tumanov
Version: All
Flags: y.tumanov: secteam_verified+
Target Milestone: ---
Hardware: All
OS: Linux
URL: CVE-2006-2661 CVE-2006-0747
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-20 15:20:49 MSK
freetype | 1.3.1 | CVE-2006-2661 | ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. | CVSS 5 MEDIUM | CWE-476 | Not found | https://nvd.nist.gov/vuln/detail/CVE-2006-2661 | https://www.exploit-db.com/download/27993 | Multiple
Comment 1 Yury 2023-10-20 15:22:12 MSK
We have freetype 2.10.4
Comment 2 Yury 2023-10-20 15:23:19 MSK
freetype | 1.3.1 | CVE-2006-0747 | Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. | CVSS 5 MEDIUM | CWE-189 | Not found | https://nvd.nist.gov/vuln/detail/CVE-2006-0747 | https://www.exploit-db.com/download/27992
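Both CVEs describe FreeType before 2.2, so the shipped 2.10.4 is outside the affected range. For reference, the following C model (added here; it is not FreeType's source and not part of this report) reproduces the loop-counter mistake that the CVE-2006-0747 text describes: a Type 1 BlueValues array is walked two entries at a time with an unsigned counter whose exit test assumes an even count, so an odd count wraps the counter and the loop runs off the end of the array. The hardened loop and the up-front validator show what a parser should do instead. Function names and the sample arrays are invented; the 14-value limit is the Type 1 specification's maximum for BlueValues.

```c
#include <stdio.h>

/* Type 1 spec: BlueValues holds at most 7 pairs (14 integers), always in
 * pairs. The limit is the spec's; every identifier here is invented. */
#define MAX_BLUE_VALUES 14

/* Vulnerable loop shape (model of the pre-2.2 bug): the exit test
 * "count > 0" assumes count is even. With an odd count the last
 * "count -= 2" goes 1 -> UINT_MAX and the loop keeps consuming "pairs"
 * far past the array (in a real parser, reading out of bounds).
 * max_iters caps the runaway so this model is safe to run; the original
 * had no such cap. Returns the number of pairs consumed and sets
 * *underflowed when the counter wrapped. */
unsigned consume_pairs_vulnerable(unsigned count, unsigned max_iters,
                                  int *underflowed)
{
    unsigned pairs = 0;
    *underflowed = 0;
    for (; count > 0; count -= 2) {
        if (pairs >= max_iters)
            break;
        pairs++;              /* real parser: read blues[2*i], blues[2*i+1] */
        if (count < 2)
            *underflowed = 1; /* the decrement that follows wraps around */
    }
    return pairs;
}

/* Convenience wrapper: does walking `count` values with the vulnerable
 * loop wrap its counter? (1000 iterations is far more than any valid
 * BlueValues array needs.) */
int vulnerable_loop_underflows(unsigned count)
{
    int underflowed;
    (void)consume_pairs_vulnerable(count, 1000, &underflowed);
    return underflowed;
}

/* Hardened loop: stop as soon as fewer than two values remain, so a stray
 * trailing value is ignored instead of wrapping the counter. */
unsigned consume_pairs_hardened(unsigned count)
{
    unsigned pairs = 0;
    for (; count > 1; count -= 2)
        pairs++;
    return pairs;
}

/* What the parser should check before it walks the array at all:
 * an even number of entries, within the spec's maximum. */
int blues_count_is_valid(unsigned count)
{
    return (count % 2 == 0) && (count <= MAX_BLUE_VALUES);
}

int main(void)
{
    /* Constructed samples: a well-formed 4-value array and a crafted
     * 5-value one (odd count, as in the CVE description). */
    static const short good[]    = { -20, 0, 450, 470 };
    static const short crafted[] = { -20, 0, 450, 470, 700 };
    unsigned n_good = sizeof good / sizeof good[0];
    unsigned n_bad  = sizeof crafted / sizeof crafted[0];
    int underflowed;
    unsigned pairs;

    printf("good:    valid=%d hardened pairs=%u\n",
           blues_count_is_valid(n_good), consume_pairs_hardened(n_good));

    pairs = consume_pairs_vulnerable(n_bad, 1000, &underflowed);
    printf("crafted: valid=%d vulnerable pairs=%u (underflow=%d) "
           "hardened pairs=%u\n",
           blues_count_is_valid(n_bad), pairs, underflowed,
           consume_pairs_hardened(n_bad));
    return 0;
}
```

With the crafted 5-value array the vulnerable loop only stops because of the artificial cap, while the hardened loop consumes two pairs and the validator rejects the array outright; the validator is the check to apply, since silently dropping a trailing value still accepts a malformed font.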