Note: This is an archival copy of Security Sun Alert 200033 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000028.1.
Solaris 9 Operating System
Solaris 10 Operating System
Solaris 8 Operating System
Date of Resolved Release
An integer overflow leading to a heap overflow vulnerability in the FreeType 2 Font Engine, which is shipped with Solaris, may affect applications that make use of this library. Depending on the application, this may allow a local or remote unprivileged user to crash the application using FreeType (which is a type of Denial of Service), or to execute arbitrary code with the privileges of the application.
This issue is described in the following document:
This issue can occur in the following releases:
To determine whether an application is linked with the libfreetype library, use the ldd(1) utility as in the following example:
$ ldd /usr/bin/gedit | grep libfreetype
libfreetype.so.6 => /usr/sfw/lib/libfreetype.so.6
Note: Applications which don't list the FreeType library as a dynamic dependency in the ldd(1) output may open the library during process execution using functions such as dlopen(3C) and therefore may still be impacted.
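The two checks described above can be combined, as in this added example that is not part of the original Sun Alert: ldd(1) gives the static dependency list of a file, and pldd(1) lists the objects loaded into a running process, including those attached with dlopen(3C). The function names, the script name and the PID in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether a binary or a running process uses libfreetype.
# Function names are illustrative and do not come from the Sun Alert.
# Backticks are used instead of $(...) so the legacy Bourne shell can run it.

# match_freetype: read ldd(1) or pldd(1) output on stdin and print the
# libfreetype path from each matching line. Exit status 0 means "found".
#   ldd line:  libfreetype.so.6 => /usr/sfw/lib/libfreetype.so.6
#   pldd line: /usr/sfw/lib/libfreetype.so.6
match_freetype() {
    awk '
        /libfreetype\.so/ {
            found = 1; path = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\//) { path = $i; break }
            # ldd prints no path when it cannot resolve the dependency.
            if (path != "") print path
            else print $1 " (not resolved)"
        }
        END { exit !found }
    '
}

# scan TARGET...: a numeric TARGET is treated as a PID and inspected with
# pldd(1); anything else is treated as a file and inspected with ldd(1).
scan() {
    for target in "$@"; do
        case $target in
            ''|*[!0-9]*) listing=`ldd "$target" 2>/dev/null` || listing='' ;;
            *)           listing=`pldd "$target" 2>/dev/null` || listing='' ;;
        esac
        if paths=`printf '%s\n' "$listing" | match_freetype`; then
            printf '%s: uses %s\n' "$target" "$paths"
        else
            printf '%s: libfreetype not seen\n' "$target"
        fi
    done
}

# Run only when targets are given, for example (hypothetical script name, constructed PID):
#   sh check_freetype.sh /usr/bin/gedit 1234
if [ "$#" -gt 0 ]; then
    scan "$@"
fi
```

A process only shows the library in pldd(1) output after it has actually loaded it, so a clean result for a PID does not rule out a later dlopen(3C).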
If the described issue is exploited to cause a Denial of Service (DoS) to an application which links to the libfreetype library, the application will exit and may generate an error message about a Segmentation Fault, potentially writing a core(4) file. There are no predictable symptoms that would indicate the issue has been exploited to execute arbitrary code with elevated privileges.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following releases: