JVN/CVE Demo: Cveinfos

CVE

Id: 26111
CVE No.: CVE-2007-2754
Status: Candidate
Description: Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
Phase: Assigned (20070517)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
262657	26111	CVE-2007-2754	BUGTRAQ:20070524 FLEA-2007-0020-1: freetype	View
262658	26111	CVE-2007-2754	URL:http://www.securityfocus.com/archive/1/archive/1/469463/100/200/threaded	View
262659	26111	CVE-2007-2754	BUGTRAQ:20070613 FLEA-2007-0025-1: openoffice.org	View
262660	26111	CVE-2007-2754	URL:http://www.securityfocus.com/archive/1/archive/1/471286/30/6180/threaded	View
262661	26111	CVE-2007-2754	MLIST:[ft-devel] 20070427 Bug in fuzzed TTF file	View
262662	26111	CVE-2007-2754	URL:http://lists.gnu.org/archive/html/freetype-devel/2007-04/msg00041.html	View
262663	26111	CVE-2007-2754	CONFIRM:http://cvs.savannah.nongnu.org/viewvc/freetype2/src/truetype/ttgload.c?root=freetype&r1=1.177&r2=1.178	View
262664	26111	CVE-2007-2754	CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240200	View
262665	26111	CVE-2007-2754	CONFIRM:https://issues.rpath.com/browse/RPL-1390	View
262666	26111	CVE-2007-2754	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-330.htm	View
262667	26111	CVE-2007-2754	CONFIRM:http://support.apple.com/kb/HT3549	View
262668	26111	CVE-2007-2754	CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=502565	View
262669	26111	CVE-2007-2754	APPLE:APPLE-SA-2007-11-14	View
262670	26111	CVE-2007-2754	URL:http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html	View
262671	26111	CVE-2007-2754	APPLE:APPLE-SA-2009-05-12	View
262672	26111	CVE-2007-2754	URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	View
262673	26111	CVE-2007-2754	DEBIAN:DSA-1302	View
262674	26111	CVE-2007-2754	URL:http://www.debian.org/security/2007/dsa-1302	View
262675	26111	CVE-2007-2754	DEBIAN:DSA-1334	View
262676	26111	CVE-2007-2754	URL:http://www.debian.org/security/2007/dsa-1334	View
262677	26111	CVE-2007-2754	FEDORA:FEDORA-2009-5558	View
262678	26111	CVE-2007-2754	URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01316.html	View
262679	26111	CVE-2007-2754	FEDORA:FEDORA-2009-5644	View
262680	26111	CVE-2007-2754	URL:https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01401.html	View
262681	26111	CVE-2007-2754	GENTOO:GLSA-200705-22	View
262682	26111	CVE-2007-2754	URL:http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml	View
262683	26111	CVE-2007-2754	GENTOO:GLSA-200707-02	View
262684	26111	CVE-2007-2754	URL:http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml	View
262685	26111	CVE-2007-2754	GENTOO:GLSA-200805-07	View
262686	26111	CVE-2007-2754	URL:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	View
262687	26111	CVE-2007-2754	MANDRIVA:MDKSA-2007:121	View
262688	26111	CVE-2007-2754	URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:121	View
262689	26111	CVE-2007-2754	OPENPKG:OpenPKG-SA-2007.018	View
262690	26111	CVE-2007-2754	URL:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.018.html	View
262691	26111	CVE-2007-2754	REDHAT:RHSA-2007:0403	View
262692	26111	CVE-2007-2754	URL:http://www.redhat.com/support/errata/RHSA-2007-0403.html	View
262693	26111	CVE-2007-2754	REDHAT:RHSA-2009:0329	View
262694	26111	CVE-2007-2754	URL:http://www.redhat.com/support/errata/RHSA-2009-0329.html	View
262695	26111	CVE-2007-2754	REDHAT:RHSA-2009:1062	View
262696	26111	CVE-2007-2754	URL:http://www.redhat.com/support/errata/RHSA-2009-1062.html	View
262697	26111	CVE-2007-2754	SGI:20070602-01-P	View
262698	26111	CVE-2007-2754	URL:ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc	View
262699	26111	CVE-2007-2754	SUNALERT:102967	View
262700	26111	CVE-2007-2754	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102967-1	View
262701	26111	CVE-2007-2754	SUNALERT:103171	View
262702	26111	CVE-2007-2754	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103171-1	View
262703	26111	CVE-2007-2754	SUNALERT:200033	View
262704	26111	CVE-2007-2754	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200033-1	View
262705	26111	CVE-2007-2754	SUSE:SUSE-SA:2007:041	View
262706	26111	CVE-2007-2754	URL:http://www.novell.com/linux/security/advisories/2007_41_freetype2.html	View
262707	26111	CVE-2007-2754	TRUSTIX:2007-0019	View
262708	26111	CVE-2007-2754	URL:http://www.trustix.org/errata/2007/0019/	View
262709	26111	CVE-2007-2754	UBUNTU:USN-466-1	View
262710	26111	CVE-2007-2754	URL:http://www.ubuntu.com/usn/usn-466-1	View
262711	26111	CVE-2007-2754	CERT:TA09-133A	View
262712	26111	CVE-2007-2754	URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html	View
262713	26111	CVE-2007-2754	BID:24074	View
262714	26111	CVE-2007-2754	URL:http://www.securityfocus.com/bid/24074	View
262715	26111	CVE-2007-2754	OSVDB:36509	View
262716	26111	CVE-2007-2754	URL:http://osvdb.org/36509	View
262717	26111	CVE-2007-2754	OVAL:oval:org.mitre.oval:def:11325	View
262718	26111	CVE-2007-2754	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11325	View
262719	26111	CVE-2007-2754	SECUNIA:35074	View
262720	26111	CVE-2007-2754	URL:http://secunia.com/advisories/35074	View
262721	26111	CVE-2007-2754	SECUNIA:35200	View
262722	26111	CVE-2007-2754	URL:http://secunia.com/advisories/35200	View
262723	26111	CVE-2007-2754	SECUNIA:35204	View
262724	26111	CVE-2007-2754	URL:http://secunia.com/advisories/35204	View
262725	26111	CVE-2007-2754	SECUNIA:35233	View
262726	26111	CVE-2007-2754	URL:http://secunia.com/advisories/35233	View
262727	26111	CVE-2007-2754	VUPEN:ADV-2007-1894	View
262728	26111	CVE-2007-2754	URL:http://www.vupen.com/english/advisories/2007/1894	View
262729	26111	CVE-2007-2754	VUPEN:ADV-2007-2229	View
262730	26111	CVE-2007-2754	URL:http://www.vupen.com/english/advisories/2007/2229	View
262731	26111	CVE-2007-2754	VUPEN:ADV-2008-0049	View
262732	26111	CVE-2007-2754	URL:http://www.vupen.com/english/advisories/2008/0049	View
262733	26111	CVE-2007-2754	OVAL:oval:org.mitre.oval:def:5532	View
262734	26111	CVE-2007-2754	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5532	View
262735	26111	CVE-2007-2754	SECTRACK:1018088	View
262736	26111	CVE-2007-2754	URL:http://www.securitytracker.com/id?1018088	View
262737	26111	CVE-2007-2754	SECUNIA:25350	View
262738	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25350	View
262739	26111	CVE-2007-2754	SECUNIA:25386	View
262740	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25386	View
262741	26111	CVE-2007-2754	SECUNIA:25353	View
262742	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25353	View
262743	26111	CVE-2007-2754	SECUNIA:25463	View
262744	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25463	View
262745	26111	CVE-2007-2754	SECUNIA:25483	View
262746	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25483	View
262747	26111	CVE-2007-2754	SECUNIA:25612	View
262748	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25612	View
262749	26111	CVE-2007-2754	SECUNIA:25609	View
262750	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25609	View
262751	26111	CVE-2007-2754	SECUNIA:25654	View
262752	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25654	View
262753	26111	CVE-2007-2754	SECUNIA:25705	View
262754	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25705	View
262755	26111	CVE-2007-2754	SECUNIA:25894	View
262756	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25894	View
262757	26111	CVE-2007-2754	SECUNIA:25905	View
262758	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25905	View
262759	26111	CVE-2007-2754	SECUNIA:25808	View
262760	26111	CVE-2007-2754	URL:http://secunia.com/advisories/25808	View
262761	26111	CVE-2007-2754	SECUNIA:26129	View
262762	26111	CVE-2007-2754	URL:http://secunia.com/advisories/26129	View
262763	26111	CVE-2007-2754	SECUNIA:26305	View
262764	26111	CVE-2007-2754	URL:http://secunia.com/advisories/26305	View
262765	26111	CVE-2007-2754	SECUNIA:28298	View
262766	26111	CVE-2007-2754	URL:http://secunia.com/advisories/28298	View
262767	26111	CVE-2007-2754	SECUNIA:30161	View
262768	26111	CVE-2007-2754	URL:http://secunia.com/advisories/30161	View
262769	26111	CVE-2007-2754	VUPEN:ADV-2009-1297	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
51759	JVNDB-2007-000422	GD ライブラリの gdPngReadData() 関数におけるサービス運用妨害 (DoS) の脆弱性	GD ライブラリの gdPngReadData() 関数には不正な PNG イメージファイルを処理した際に、png_read_info() 関数内で無限ループが発生しサービス運用妨害 (DoS) 状態となる脆弱性が存在します。	CVE-2007-2756	26111	4.3		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000422.html	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.43 MB
View render complete	3.02 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.58
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	392.21
Event: Controller.beforeRender	4.91
» Processing toolbar data	4.81
Rendering View	32.94
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	31.85
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.62
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/26111
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/26111
Remote Port	64504
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.138.101.1
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.138.101.1
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.138.101.1
Unique Id	aBGIOJ-lw2Y-w-cEgpMKpwAAAYU
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.138.101.1
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.138.101.1
Redirect Unique Id	aBGIOJ-lw2Y-w-cEgpMKpwAAAYU
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.138.101.1
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.138.101.1
Redirect Redirect Unique Id	aBGIOJ-lw2Y-w-cEgpMKpwAAAYU
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1745979448.9433
Request Time	1745979448

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files