ID CVE-2012-1138 Type cve Reporter cve@mitre.org Modified 2018-01-18T02:29:00
Description
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.
{"suse": [{"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "edition": 1, "modified": "2012-04-18T18:08:39", "published": "2012-04-18T18:08:39", "id": "SUSE-SU-2012:0521-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "edition": 1, "modified": "2012-04-11T20:08:18", "published": "2012-04-11T20:08:18", "id": "SUSE-SU-2012:0483-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could be exploited for remote\n code execution.\n", "edition": 1, "modified": "2012-04-23T15:08:12", "published": "2012-04-23T15:08:12", "id": "SUSE-SU-2012:0483-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00018.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:17", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could cause buffer overflows\n in freetype\n\n", "edition": 1, "modified": "2012-04-12T10:09:06", "published": "2012-04-12T10:09:06", "id": "OPENSUSE-SU-2012:0489-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html", "type": "suse", "title": "freetype2 update (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "edition": 1, "modified": "2012-04-11T21:08:19", "published": "2012-04-11T21:08:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html", "id": "SUSE-SU-2012:0484-1", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:43:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2010-3053", "CVE-2012-1126", "CVE-2010-2527", "CVE-2012-1141", "CVE-2010-2520", "CVE-2012-1130", "CVE-2010-2805", "CVE-2011-3256", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2010-3311", "CVE-2012-1139", "CVE-2010-3054", "CVE-2010-2519", "CVE-2012-1132", "CVE-2010-2498", "CVE-2012-1142", "CVE-2010-1797", "CVE-2010-3855", "CVE-2010-2499", "CVE-2010-2497", "CVE-2010-2541", "CVE-2012-1129", "CVE-2010-3814", "CVE-2011-2895", "CVE-2012-1143", "CVE-2011-3439", "CVE-2012-1137"], "edition": 1, "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could have been exploited for\n remote code execution.\n", "modified": "2012-04-23T18:08:18", "published": "2012-04-23T18:08:18", "id": "SUSE-SU-2012:0553-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00020.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T15:14:46", "description": "Specially crafted font files could have caused buffer overflows in\nfreetype. This has been fixed.", "edition": 15, "published": "2012-04-12T00:00:00", "title": "SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8039)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-12T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FREETYPE2-8039.NASL", "href": "https://www.tenable.com/plugins/nessus/58722", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58722);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\");\n\n script_name(english:\"SuSE 10 Security Update : freetype2 (ZYPP Patch Number 8039)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could have caused buffer overflows in\nfreetype. This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1126.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1143.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 8039.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"freetype2-devel-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"ft2demos-2.1.10-19.29.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"freetype2-devel-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, reference:\"ft2demos-2.1.10-19.29.2\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-32bit-2.1.10-18.29.6\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:4, cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.1.10-18.29.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:42:31", "description": "The Freetype project reports :\n\nMultiple vulnerabilities exist in freetype that can result in\napplication crashes and remote code execution. Please review the\ndetails in each of the CVEs for additional information.", "edition": 21, "published": "2012-04-09T00:00:00", "title": "FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-09T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:freetype2"], "id": "FREEBSD_PKG_462E2D6C801711E1A571BCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/nessus/58641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58641);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Freetype project reports :\n\nMultiple vulnerabilities exist in freetype that can result in\napplication crashes and remote code execution. Please review the\ndetails in each of the CVEs for additional information.\"\n );\n # https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?131c7cfe\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=806270\"\n );\n # https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58b009d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.4.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:38:38", "description": "Specially crafted font files could have caused buffer overflows in\nfreetype. This has been fixed.", "edition": 17, "published": "2012-04-12T00:00:00", "title": "SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:freetype2", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:freetype2-devel", "p-cpe:/a:novell:suse_linux:11:freetype2-32bit", "p-cpe:/a:novell:suse_linux:11:ft2demos"], "id": "SUSE_11_FREETYPE2-120328.NASL", "href": "https://www.tenable.com/plugins/nessus/58720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58720);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could have caused buffer overflows in\nfreetype. This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1126.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1128.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6052.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:24:39", "description": "Specially crafted font files could cause buffer overflows in freetype", "edition": 16, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:freetype2-devel-32bit", "p-cpe:/a:novell:opensuse:freetype2-debugsource", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libfreetype6-debuginfo", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:libfreetype6", "p-cpe:/a:novell:opensuse:freetype2-devel", "p-cpe:/a:novell:opensuse:libfreetype6-32bit"], "id": "OPENSUSE-2012-220.NASL", "href": "https://www.tenable.com/plugins/nessus/74597", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-220.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74597);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)\");\n script_summary(english:\"Check for the openSUSE-2012-220 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted font files could cause buffer overflows in freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-debugsource-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-devel-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-debuginfo-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:55", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and memory corruption) or possibly execute\n arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted SFNT string in a\n Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n PCF font. (CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, on 64-bit platforms\n allows remote attackers to cause a denial of service\n (invalid heap read operation and memory corruption) or\n possibly execute arbitrary code via vectors related to\n the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted dictionary data in a\n Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted private-dictionary\n data in a Type 1 font. (CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the NPUSHB\n and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted header in a BDF\n font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the MIRP\n instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in\n Mozilla Firefox Mobile before 10.0.4 and other products,\n allows remote attackers to cause a denial of service\n (invalid stack read operation and memory corruption) or\n possibly execute arbitrary code via crafted glyph data\n in a BDF font. (CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted PostScript font\n object. (CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted ASCII string in a\n BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph-outline data in\n a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted font. (CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:freetype", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_FREETYPE_20141107_2.NASL", "href": "https://www.tenable.com/plugins/nessus/80616", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80616);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and memory corruption) or possibly execute\n arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted SFNT string in a\n Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n PCF font. (CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, on 64-bit platforms\n allows remote attackers to cause a denial of service\n (invalid heap read operation and memory corruption) or\n possibly execute arbitrary code via vectors related to\n the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted dictionary data in a\n Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted private-dictionary\n data in a Type 1 font. (CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the NPUSHB\n and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted header in a BDF\n font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the MIRP\n instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in\n Mozilla Firefox Mobile before 10.0.4 and other products,\n allows remote attackers to cause a denial of service\n (invalid stack read operation and memory corruption) or\n possibly execute arbitrary code via crafted glyph data\n in a BDF font. (CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted PostScript font\n object. (CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted ASCII string in a\n BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph-outline data in\n a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted font. (CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-freetype\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a790f4c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 8.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:freetype\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^freetype-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.8.0.5.0\", sru:\"SRU 8.5\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : freetype\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"freetype\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:53:53", "description": "The remote host is affected by the vulnerability described in GLSA-201204-04\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in execution of arbitrary code with the privileges of\n the user running the application, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-21T00:00:00", "title": "GLSA-201204-04 : FreeType: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-06-21T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:freetype", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201204-04.NASL", "href": "https://www.tenable.com/plugins/nessus/59620", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201204-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59620);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"GLSA\", value:\"201204-04\");\n\n script_name(english:\"GLSA-201204-04 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201204-04\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in execution of arbitrary code with the privileges of\n the user running the application, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201204-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.9\"), vulnerable:make_list(\"lt 2.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:37:41", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type42 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PCF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PostScript font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Windows FNT/FON font files. If a user were tricked\ninto using a specially crafted font file, a remote attacker could\ncause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-03-23T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:libfreetype6", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10"], "id": "UBUNTU_USN-1403-1.NASL", "href": "https://www.tenable.com/plugins/nessus/58444", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1403-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58444);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"USN\", value:\"1403-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type42 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PCF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PostScript font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Windows FNT/FON font files. If a user were tricked\ninto using a specially crafted font file, a remote attacker could\ncause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1403-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.2-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-2ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:53:38", "description": "Multiple flaws were found in FreeType. Specially crafted files could\ncause application crashes or potentially execute arbitrary code\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\nCVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\nCVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\nCVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\nCVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-04-13T00:00:00", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "modified": "2012-04-13T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64freetype6", "p-cpe:/a:mandriva:linux:lib64freetype6-static-devel", "p-cpe:/a:mandriva:linux:freetype2-demos", "p-cpe:/a:mandriva:linux:libfreetype6", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libfreetype6-devel", "p-cpe:/a:mandriva:linux:libfreetype6-static-devel", "p-cpe:/a:mandriva:linux:lib64freetype6-devel"], "id": "MANDRIVA_MDVSA-2012-057.NASL", "href": "https://www.tenable.com/plugins/nessus/58734", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58734);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in FreeType. Specially crafted files could\ncause application crashes or potentially execute arbitrary code\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\nCVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\nCVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\nCVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\nCVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"freetype2-demos-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"freetype2-demos-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:41:19", "description": "The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using\ncairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to\nFindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver\naccess restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding\nissues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by\nJavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and\nAtom feeds", "edition": 23, "published": "2012-04-25T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "modified": "2012-04-25T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird"], "id": "FREEBSD_PKG_380E8C568E3211E195804061862B8C22.NASL", "href": "https://www.tenable.com/plugins/nessus/58864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58864);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using\ncairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to\nFindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver\naccess restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding\nissues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by\nJavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and\nAtom feeds\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\"\n );\n # https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c4f784\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>11.0,1<12.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>11.0<12.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul>1.9.2.*<10.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2018-02-06T13:10:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1143", "CVE-2012-1137"], "description": "Check for the Version of mingw-freetype", "modified": "2018-02-05T00:00:00", "published": "2013-01-31T00:00:00", "id": "OPENVAS:865262", "href": "http://plugins.openvas.org/nasl.php?oid=865262", "type": "openvas", "title": "Fedora Update for mingw-freetype FEDORA-2013-1114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-freetype FEDORA-2013-1114\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"mingw-freetype on Fedora 17\";\ntag_insight = \"MinGW Windows Freetype library.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097635.html\");\n script_id(865262);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:39 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1130\",\n \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\",\n \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\",\n \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\",\n \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2013-1114\");\n script_name(\"Fedora Update for mingw-freetype FEDORA-2013-1114\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mingw-freetype\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-freetype\", rpm:\"mingw-freetype~2.4.11~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-01-31T00:00:00", "id": "OPENVAS:1361412562310865262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865262", "type": "openvas", "title": "Fedora Update for mingw-freetype FEDORA-2013-1114", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mingw-freetype FEDORA-2013-1114\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097635.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865262\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-31 09:24:39 +0530 (Thu, 31 Jan 2013)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1130\",\n \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\",\n \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\",\n \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\",\n \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2013-1114\");\n script_name(\"Fedora Update for mingw-freetype FEDORA-2013-1114\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-freetype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"mingw-freetype on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw-freetype\", rpm:\"mingw-freetype~2.4.11~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-04.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071314", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071314", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201204_04.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71314\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\");\n script_tag(name:\"solution\", value:\"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=407257\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2019-03-13T00:00:00", "published": "2012-03-26T00:00:00", "id": "OPENVAS:1361412562310840959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840959", "type": "openvas", "title": "Ubuntu Update for freetype USN-1403-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name:\"USN\", value:\"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\");\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n\n Mateusz Jurczyk discovere ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-03T10:58:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Check for the Version of freetype2", "modified": "2018-01-03T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:850176", "href": "http://plugins.openvas.org/nasl.php?oid=850176", "type": "openvas", "title": "SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0489_1.nasl 8273 2018-01-03 06:29:19Z teissa $\n#\n# SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype2 on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"Specially crafted font files could cause buffer overflows\n in freetype\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850176);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:30 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0489_1\");\n script_name(\"SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T13:07:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Check for the Version of freetype2", "modified": "2018-01-04T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831659", "href": "http://plugins.openvas.org/nasl.php?oid=831659", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws were found in FreeType. Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_id(831659);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2017-12-01T00:00:00", "published": "2012-03-26T00:00:00", "id": "OPENVAS:840959", "href": "http://plugins.openvas.org/nasl.php?oid=840959", "type": "openvas", "title": "Ubuntu Update for freetype USN-1403-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n \n Mateusz Jurczyk discovere ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\";\ntag_affected = \"freetype on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_id(840959);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name: \"USN\", value: \"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071283", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071283", "type": "openvas", "title": "FreeBSD Ports: freetype2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_freetype25.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 462e2d6c-8017-11e1-a571-bcaec565249c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71283\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: freetype2\n\nCVE-2012-1126\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a BDF\nfont.\nCVE-2012-1127\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1128\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and memory corruption) or possibly\nexecute arbitrary code via a crafted TrueType font.\nCVE-2012-1129\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted SFNT string in a Type 42\nfont.\nCVE-2012-1130\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a PCF\nfont.\n\nText truncated. Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=806270\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"freetype2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.9\")<0) {\n txt += \"Package freetype2 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-04.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71314", "href": "http://plugins.openvas.org/nasl.php?oid=71314", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\";\ntag_solution = \"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=407257\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\";\n\n \n \nif(description)\n{\n script_id(71314);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831659", "type": "openvas", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831659\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in FreeType. Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:23:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type42 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed PCF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type1 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly execute \narbitrary code with user privileges. (CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Type1 font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges. (CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash or possibly execute \narbitrary code with user privileges. (CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed PostScript font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed BDF font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed Windows FNT/FON font files. If a user were tricked into using a \nspecially crafted font file, a remote attacker could cause FreeType to crash. \n(CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed font files. If a user were tricked into using a specially crafted \nfont file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain \nmalformed TrueType font files. If a user were tricked into using a specially \ncrafted font file, a remote attacker could cause FreeType to crash or possibly \nexecute arbitrary code with user privileges. (CVE-2012-1144)", "edition": 5, "modified": "2012-03-23T00:00:00", "published": "2012-03-23T00:00:00", "id": "USN-1403-1", "href": "https://ubuntu.com/security/notices/USN-1403-1", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.9\"", "edition": 1, "modified": "2012-04-17T00:00:00", "published": "2012-04-17T00:00:00", "id": "GLSA-201204-04", "href": "https://security.gentoo.org/glsa/201204-04", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "edition": 1, "description": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\n\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-21", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-21/", "type": "mozilla", "title": "Multiple security flaws fixed in FreeType v2.4.9", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1139", "CVE-2012-1132", "CVE-2012-1142", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1143", "CVE-2012-1137"], "description": "\nThe Freetype project reports:\n\nMultiple vulnerabilities exist in freetype that can result in\n\t application crashes and remote code execution. Please review\n\t the details in each of the CVEs for additional information.\n\n", "edition": 4, "modified": "2012-03-08T00:00:00", "published": "2012-03-08T00:00:00", "id": "462E2D6C-8017-11E1-A571-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html", "title": "freetype -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\nMFSA 2012-22 use-after-free in IDBKeyRange\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\nMFSA 2012-24 Potential XSS via multibyte content processing errors\nMFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\nMFSA 2012-27 Page load short-circuit can lead to XSS\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\nMFSA 2012-30 Crash with WebGL content using textImage2D\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\nMFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors\nMFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds\n\n", "edition": 4, "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "380E8C56-8E32-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "description": "Multiple memory corruptions in main code and different libraries, crossite scripting, information leakage.", "edition": 1, "modified": "2012-05-09T00:00:00", "published": "2012-05-09T00:00:00", "id": "SECURITYVULNS:VULN:12355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12355", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:48", "bulletinFamily": "software", "cvelist": ["CVE-2012-3722", "CVE-2012-3729", "CVE-2012-3724", "CVE-2012-1140", "CVE-2012-3731", "CVE-2011-3026", "CVE-2012-1131", "CVE-2012-3746", "CVE-2012-1136", "CVE-2012-3736", "CVE-2012-3738", "CVE-2012-3743", "CVE-2012-1138", "CVE-2011-4599", "CVE-2012-1127", "CVE-2012-1126", "CVE-2011-3457", "CVE-2012-0680", "CVE-2012-1141", "CVE-2012-3727", "CVE-2011-3919", "CVE-2012-1130", "CVE-2012-3733", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-3744", "CVE-2012-3741", "CVE-2011-1167", "CVE-2012-1133", "CVE-2012-3726", "CVE-2012-1134", "CVE-2012-3725", "CVE-2012-3734", "CVE-2012-1139", "CVE-2011-3328", "CVE-2012-3745", "CVE-2011-2834", "CVE-2012-3740", "CVE-2012-1132", "CVE-2012-3737", "CVE-2011-3048", "CVE-2012-3728", "CVE-2012-1142", "CVE-2012-3735", "CVE-2012-3732", "CVE-2012-1128", "CVE-2012-1173", "CVE-2011-2821", "CVE-2011-1944", "CVE-2012-3742", "CVE-2012-1129", "CVE-2012-3730", "CVE-2012-1143", "CVE-2012-3739", "CVE-2012-1137"], "description": "Large number of vulnerabilities in different components.", "edition": 1, "modified": "2012-09-24T00:00:00", "published": "2012-09-24T00:00:00", "id": "SECURITYVULNS:VULN:12596", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12596", "title": "Apple iOS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-3667", "CVE-2012-0682", "CVE-2012-3670", "CVE-2012-3722", "CVE-2012-3729", "CVE-2011-3039", "CVE-2012-3609", "CVE-2011-3043", "CVE-2012-3646", "CVE-2012-3724", "CVE-2012-3600", "CVE-2012-3610", "CVE-2012-3590", "CVE-2012-1140", "CVE-2012-3693", "CVE-2012-3731", "CVE-2011-3105", "CVE-2012-2815", "CVE-2011-3026", "CVE-2012-1131", "CVE-2012-3639", "CVE-2011-3044", "CVE-2011-3081", "CVE-2012-3637", "CVE-2011-3068", "CVE-2012-3641", "CVE-2012-3746", "CVE-2011-3968", "CVE-2012-1136", "CVE-2012-3703", "CVE-2012-3736", "CVE-2011-2845", "CVE-2012-3738", "CVE-2012-3626", "CVE-2012-3704", "CVE-2012-3603", "CVE-2012-3743", "CVE-2012-3663", "CVE-2012-1138", "CVE-2011-4599", "CVE-2012-3668", "CVE-2012-1127", "CVE-2012-3660", "CVE-2012-3678", "CVE-2012-1520", "CVE-2011-3059", "CVE-2011-3071", "CVE-2012-3635", "CVE-2012-3644", "CVE-2012-1521", "CVE-2012-3676", "CVE-2012-3674", "CVE-2012-3593", "CVE-2011-3075", "CVE-2012-1126", "CVE-2012-3671", "CVE-2011-3457", "CVE-2012-3602", "CVE-2012-3625", "CVE-2012-3611", "CVE-2012-3659", "CVE-2011-3958", "CVE-2012-3596", "CVE-2012-3669", "CVE-2012-3655", "CVE-2012-3634", "CVE-2011-3969", "CVE-2012-3706", "CVE-2012-3658", "CVE-2012-0683", "CVE-2012-0680", "CVE-2012-3684", "CVE-2011-3060", "CVE-2012-1141", "CVE-2012-3727", "CVE-2012-3652", "CVE-2012-3651", "CVE-2011-3971", "CVE-2011-3919", "CVE-2012-1130", "CVE-2012-3665", "CVE-2011-3021", "CVE-2012-3733", "CVE-2012-3664", "CVE-2012-1135", "CVE-2011-3069", "CVE-2012-1144", "CVE-2012-3744", "CVE-2012-3656", "CVE-2012-3666", "CVE-2012-3598", "CVE-2012-3710", "CVE-2012-3645", "CVE-2012-3741", "CVE-2011-1167", "CVE-2012-1133", "CVE-2011-3074", "CVE-2012-3661", "CVE-2012-3726", "CVE-2011-3038", "CVE-2011-3035", "CVE-2012-3708", "CVE-2012-1134", "CVE-2012-3673", "CVE-2011-3053", "CVE-2012-3725", "CVE-2012-3681", "CVE-2012-3642", "CVE-2012-3653", "CVE-2012-3734", "CVE-2012-3682", "CVE-2012-3686", "CVE-2012-1139", "CVE-2011-3036", "CVE-2011-3050", "CVE-2012-3638", "CVE-2012-3633", "CVE-2012-3747", "CVE-2012-2818", "CVE-2011-3328", "CVE-2012-3618", "CVE-2012-3594", "CVE-2011-3078", "CVE-2012-3745", "CVE-2011-2834", "CVE-2012-3628", "CVE-2012-3740", "CVE-2011-3926", "CVE-2011-3073", "CVE-2012-3680", "CVE-2011-3076", "CVE-2012-3614", "CVE-2012-3612", "CVE-2012-3696", "CVE-2012-3605", "CVE-2012-3647", "CVE-2012-3648", "CVE-2011-3086", "CVE-2012-1132", "CVE-2012-3737", "CVE-2012-3617", "CVE-2011-3041", "CVE-2012-3613", "CVE-2011-3048", "CVE-2012-3589", "CVE-2011-3966", "CVE-2011-3034", "CVE-2012-3620", "CVE-2012-3679", "CVE-2012-3728", "CVE-2011-3067", "CVE-2012-3677", "CVE-2011-3924", "CVE-2012-3595", "CVE-2011-3042", "CVE-2011-3016", "CVE-2012-1142", "CVE-2012-3630", "CVE-2012-3735", "CVE-2011-3090", "CVE-2012-3683", "CVE-2012-3732", "CVE-2012-3691", "CVE-2012-3650", "CVE-2012-3640", "CVE-2012-3636", "CVE-2012-3599", "CVE-2012-1128", "CVE-2012-3624", "CVE-2012-1173", "CVE-2012-3629", "CVE-2011-3032", "CVE-2012-3672", "CVE-2012-3592", "CVE-2011-3037", "CVE-2011-2821", "CVE-2012-3627", "CVE-2011-1944", "CVE-2012-3615", "CVE-2012-3695", "CVE-2012-3742", "CVE-2011-3913", "CVE-2012-1129", "CVE-2012-3591", "CVE-2012-3608", "CVE-2011-3064", "CVE-2011-3027", "CVE-2012-3604", "CVE-2012-3730", "CVE-2012-3601", "CVE-2012-1143", "CVE-2011-3040", "CVE-2012-3739", "CVE-2012-3631", "CVE-2012-3597", "CVE-2011-3089", "CVE-2012-1137"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2012-09-19-1 iOS 6\r\n\r\niOS 6 is now available and addresses the following:\r\n\r\nCFNetwork\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of malformed\r\nURLs. CFNetwork may send requests to an incorrect hostname, resulting\r\nin the disclosure of sensitive information. This issue was addressed\r\nthrough improvements to URL handling.\r\nCVE-ID\r\nCVE-2012-3724 : Erling Ellingsen of Facebook\r\n\r\nCoreGraphics\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Multiple vulnerabilities in FreeType\r\nDescription: Multiple vulnerabilities existed in FreeType, the most\r\nserious of which may lead to arbitrary code execution when processing\r\na maliciously crafted font. These issues were addressed by updating\r\nFreeType to version 2.4.9. Further information is available via the\r\nFreeType site at http://www.freetype.org/\r\nCVE-ID\r\nCVE-2012-1126\r\nCVE-2012-1127\r\nCVE-2012-1128\r\nCVE-2012-1129\r\nCVE-2012-1130\r\nCVE-2012-1131\r\nCVE-2012-1132\r\nCVE-2012-1133\r\nCVE-2012-1134\r\nCVE-2012-1135\r\nCVE-2012-1136\r\nCVE-2012-1137\r\nCVE-2012-1138\r\nCVE-2012-1139\r\nCVE-2012-1140\r\nCVE-2012-1141\r\nCVE-2012-1142\r\nCVE-2012-1143\r\nCVE-2012-1144\r\n\r\nCoreMedia\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An uninitialized memory access existed in the handling\r\nof Sorenson encoded movie files. This issue was addressed through\r\nimproved memory initialization.\r\nCVE-ID\r\nCVE-2012-3722 : Will Dormann of the CERT/CC\r\n\r\nDHCP\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may broadcast\r\nMAC addresses of previously accessed networks per the DNAv4 protocol.\r\nThis issue was addressed by disabling DNAv4 on unencrypted Wi-Fi\r\nnetworks.\r\nCVE-ID\r\nCVE-2012-3725 : Mark Wuergler of Immunity, Inc.\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in libtiff's handling of\r\nThunderScan encoded TIFF images. This issue was addressed by updating\r\nlibtiff to version 3.9.5.\r\nCVE-ID\r\nCVE-2011-1167\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted PNG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in libpng's\r\nhandling of PNG images. These issues were addressed through improved\r\nvalidation of PNG images.\r\nCVE-ID\r\nCVE-2011-3026 : Juri Aedla\r\nCVE-2011-3048\r\nCVE-2011-3328\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted JPEG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A double free issue existed in ImageIO's handling of\r\nJPEG images. This issue was addressed through improved memory\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3726 : Phil of PKJE Consulting\r\n\r\nImageIO\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An integer overflow issue existed in libTIFF's handling\r\nof TIFF images. This issue was addressed through improved validation\r\nof TIFF images.\r\nCVE-ID\r\nCVE-2012-1173 : Alexander Gavrun working with HP's Zero Day\r\nInitiative\r\n\r\nInternational Components for Unicode\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Applications that use ICU may be vulnerable to an unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A stack buffer overflow existed in the handling of ICU\r\nlocale IDs. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-4599\r\n\r\nIPSec\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Loading a maliciously crafted racoon configuration file may\r\nlead to arbitrary code execution\r\nDescription: A buffer overflow existed in the handling of racoon\r\nconfiguration files. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2012-3727 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: An invalid pointer dereference issue existed in the\r\nkernel's handling of packet filter ioctls. This may allow an attacker\r\nto alter kernel memory. This issue was addressed through improved\r\nerror handling.\r\nCVE-ID\r\nCVE-2012-3728 : iOS Jailbreak Dream Team\r\n\r\nKernel\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A local user may be able to determine kernel memory layout\r\nDescription: An uninitialized memory access issue existed in the\r\nBerkeley Packet Filter interpreter, which led to the disclosure of\r\nmemory content. This issue was addressed through improved memory\r\ninitialization.\r\nCVE-ID\r\nCVE-2012-3729 : Dan Rosenberg\r\n\r\nlibxml\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Viewing a maliciously crafted web page may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in libxml, the most\r\nserious of which may lead to an unexpected application termination or\r\narbitrary code execution. These issues were addressed by applying the\r\nrelevant upstream patches.\r\nCVE-ID\r\nCVE-2011-1944 : Chris Evans of Google Chrome Security Team\r\nCVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of\r\nChinese Academy of Sciences\r\nCVE-2011-3919 : Juri Aedla\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Mail may present the wrong attachment in a message\r\nDescription: A logic issue existed in Mail's handling of\r\nattachments. If a subsequent mail attachment used the same Content-ID\r\nas a previous one, the previous attachment would be displayed, even\r\nin the case where the 2 mails originated from different senders. This\r\ncould facilitate some spoofing or phishing attacks. This issue was\r\naddressed through improved handling of attachments.\r\nCVE-ID\r\nCVE-2012-3730 : Angelo Prado of the salesforce.com Product Security\r\nTeam\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Email attachments may be read without user's passcode\r\nDescription: A logic issue existed in Mail's use of Data Protection\r\non email attachments. This issue was addressed by properly setting\r\nthe Data Protection class for email attachments.\r\nCVE-ID\r\nCVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich\r\nStuntebeck of AirWatch\r\n\r\nMail\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An attacker may spoof the sender of a S/MIME signed message\r\nDescription: S/MIME signed messages displayed the untrusted 'From'\r\naddress, instead of the name associated with the message signer's\r\nidentity. This issue was addressed by displaying the address\r\nassociated with the message signer's identity when it is available.\r\nCVE-ID\r\nCVE-2012-3732 : An anonymous researcher\r\n\r\nMessages\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A user may unintentionally disclose the existence of their\r\nemail addresses\r\nDescription: When a user had multiple email addresses associated\r\nwith iMessage, replying to a message may have resulted in the reply\r\nbeing sent from a different email address. This may disclose another\r\nemail address associated to the user's account. This issue was\r\naddressed by always replying from the email address the original\r\nmessage was sent to.\r\nCVE-ID\r\nCVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC\r\n\r\nOffice Viewer\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Unencrypted document data may be written to a temporary file\r\nDescription: An information disclosure issue existed in the support\r\nfor viewing Microsoft Office files. When viewing a document, the\r\nOffice Viewer would write a temporary file containing data from the\r\nviewed document to the temporary directory of the invoking process.\r\nFor an application that uses data protection or other encryption to\r\nprotect the user's files, this could lead to information\r\ndisclosure. This issue was addressed by avoiding creation of\r\ntemporary files when viewing Office documents.\r\nCVE-ID\r\nCVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies\r\n\r\nOpenGL\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Applications that use OS X's OpenGL implementation may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of GLSL compilation. These issues were addressed through\r\nimproved validation of GLSL shaders.\r\nCVE-ID\r\nCVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and\r\nMarc Schoenefeld of the Red Hat Security Response Team\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device could briefly\r\nview the last used third-party app on a locked device\r\nDescription: A logic issue existed with the display of the "Slide to\r\nPower Off" slider on the lock screen. This issue was addressed\r\nthrough improved lock state management.\r\nCVE-ID\r\nCVE-2012-3735 : Chris Lawrence DBB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A logic issue existed in the termination of FaceTime\r\ncalls from the lock screen. This issue was addressed through improved\r\nlock state management.\r\nCVE-ID\r\nCVE-2012-3736 : Ian Vitek of 2Secure AB\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: All photos may be accessible at the lock screen\r\nDescription: A design issue existed in the support for viewing\r\nphotos that were taken at the lock screen. In order to determine\r\nwhich photos to permit access to, the passcode lock consulted the\r\ntime at which the device was locked and compared it to the time that\r\na photo was taken. By spoofing the current time, an attacker could\r\ngain access to photos that were taken before the device was locked.\r\nThis issues was addressed by explicitly keeping track of the photos\r\nthat were taken while the device was locked.\r\nCVE-ID\r\nCVE-2012-3737 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to a locked device may perform\r\nFaceTime calls\r\nDescription: A logic issue existed in the Emergency Dialer screen,\r\nwhich permitted FaceTime calls via Voice Dialing on the locked\r\ndevice. This could also disclose the user's contacts via contact\r\nsuggestions. This issue was addressed by disabling Voice Dialing on\r\nthe Emergency Dialer screen.\r\nCVE-ID\r\nCVE-2012-3738 : Ade Barkah of BlueWax Inc.\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: Using the camera from the screen lock could in some\r\ncases interfere with automatic lock functionality, allowing a person\r\nwith physical access to the device to bypass the Passcode Lock\r\nscreen. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3739 : Sebastian Spanninger of the Austrian Federal\r\nComputing Centre (BRZ)\r\n\r\nPasscode Lock\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A person with physical access to the device may be able to\r\nbypass the screen lock\r\nDescription: A state management issue existed in the handling of the\r\nscreen lock. This issue was addressed through improved lock state\r\nmanagement.\r\nCVE-ID\r\nCVE-2012-3740 : Ian Vitek of 2Secure AB\r\n\r\nRestrictions\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A user may be able to make purchases without entering Apple\r\nID credentials\r\nDescription: After disabling Restrictions, iOS may not ask for the\r\nuser's password during a transaction. This issue was addressed by\r\nadditional enforcement of purchase authorization.\r\nCVE-ID\r\nCVE-2012-3741 : Kevin Makens of Redwood High School\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Websites may use characters with an appearance similar to\r\nthe lock icon in their titles\r\nDescription: Websites could use a Unicode character to create a lock\r\nicon in the page title. This icon was similar in appearance to the\r\nicon used to indicate a secure connection, and could have lead the\r\nuser to believe a secure connection had been established. This issue\r\nwas addressed by removing these characters from page titles.\r\nCVE-ID\r\nCVE-2012-3742 : Boku Kihara of Lepidum\r\n\r\nSafari\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Passwords may autocomplete even when the site specifies that\r\nautocomplete should be disabled\r\nDescription: Password input elements with the autocomplete attribute\r\nset to "off" were being autocompleted. This issue was addressed\r\nthrough improved handling of the autocomplete attribute.\r\nCVE-ID\r\nCVE-2012-0680 : Dan Poltawski of Moodle\r\n\r\nSystem Logs\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Sandboxed apps may obtain system log content\r\nDescription: Sandboxed apps had read access to /var/log directory,\r\nwhich may allow them to obtain sensitive information contained in\r\nsystem logs. This issue was addressed by denying sandboxed apps\r\naccess to the /var/log directory.\r\nCVE-ID\r\nCVE-2012-3743\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An SMS message may appear to have been sent by an arbitrary\r\nuser\r\nDescription: Messages displayed the return address of an SMS message\r\nas the sender. Return addresses may be spoofed. This issue was\r\naddressed by always displaying the originating address instead of the\r\nreturn address.\r\nCVE-ID\r\nCVE-2012-3744 : pod2g\r\n\r\nTelephony\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An SMS message may disrupt cellular connectivity\r\nDescription: An off-by-one buffer overflow existed in the handling\r\nof SMS user data headers. This issue was addressed through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2012-3745 : pod2g\r\n\r\nUIKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: An attacker that gains access to a device's filesystem may\r\nbe able to read files that were being displayed in a UIWebView\r\nDescription: Applications that use UIWebView may leave unencrypted\r\nfiles on the file system even when a passcode is enabled. This issue\r\nwas addressed through improved use of data protection.\r\nCVE-ID\r\nCVE-2012-3746 : Ben Smith of Box\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in WebKit.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2011-3016 : miaubiz\r\nCVE-2011-3021 : Arthur Gerkis\r\nCVE-2011-3027 : miaubiz\r\nCVE-2011-3032 : Arthur Gerkis\r\nCVE-2011-3034 : Arthur Gerkis\r\nCVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur\r\nGerkis\r\nCVE-2011-3036 : miaubiz\r\nCVE-2011-3037 : miaubiz\r\nCVE-2011-3038 : miaubiz\r\nCVE-2011-3039 : miaubiz\r\nCVE-2011-3040 : miaubiz\r\nCVE-2011-3041 : miaubiz\r\nCVE-2011-3042 : miaubiz\r\nCVE-2011-3043 : miaubiz\r\nCVE-2011-3044 : Arthur Gerkis\r\nCVE-2011-3050 : miaubiz\r\nCVE-2011-3053 : miaubiz\r\nCVE-2011-3059 : Arthur Gerkis\r\nCVE-2011-3060 : miaubiz\r\nCVE-2011-3064 : Atte Kettunen of OUSPG\r\nCVE-2011-3068 : miaubiz\r\nCVE-2011-3069 : miaubiz\r\nCVE-2011-3071 : pa_kt working with HP's Zero Day Initiative\r\nCVE-2011-3073 : Arthur Gerkis\r\nCVE-2011-3074 : Slawomir Blazek\r\nCVE-2011-3075 : miaubiz\r\nCVE-2011-3076 : miaubiz\r\nCVE-2011-3078 : Martin Barbella of the Google Chrome Security Team\r\nCVE-2011-3081 : miaubiz\r\nCVE-2011-3086 : Arthur Gerkis\r\nCVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz\r\nCVE-2011-3090 : Arthur Gerkis\r\nCVE-2011-3105 : miaubiz\r\nCVE-2011-3913 : Arthur Gerkis\r\nCVE-2011-3924 : Arthur Gerkis\r\nCVE-2011-3926 : Arthur Gerkis\r\nCVE-2011-3958 : miaubiz\r\nCVE-2011-3966 : Aki Helin of OUSPG\r\nCVE-2011-3968 : Arthur Gerkis\r\nCVE-2011-3969 : Arthur Gerkis\r\nCVE-2011-3971 : Arthur Gerkis\r\nCVE-2012-0682 : Apple Product Security\r\nCVE-2012-0683 : Dave Mandelin of Mozilla\r\nCVE-2012-1520 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com\r\nworking with iDefense VCP\r\nCVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.\r\nVazquez of spa-s3c.blogspot.com working with iDefense VCP\r\nCVE-2012-2818 : miaubiz\r\nCVE-2012-3589 : Dave Mandelin of Mozilla\r\nCVE-2012-3590 : Apple Product Security\r\nCVE-2012-3591 : Apple Product Security\r\nCVE-2012-3592 : Apple Product Security\r\nCVE-2012-3593 : Apple Product Security\r\nCVE-2012-3594 : miaubiz\r\nCVE-2012-3595 : Martin Barbella of Google Chrome Security\r\nCVE-2012-3596 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3598 : Apple Product Security\r\nCVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3600 : David Levin of the Chromium development community\r\nCVE-2012-3601 : Martin Barbella of the Google Chrome Security Team\r\nusing AddressSanitizer\r\nCVE-2012-3602 : miaubiz\r\nCVE-2012-3603 : Apple Product Security\r\nCVE-2012-3604 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3605 : Cris Neckar of the Google Chrome Security team\r\nCVE-2012-3608 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3609 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3610 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3611 : Apple Product Security\r\nCVE-2012-3612 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3614 : Yong Li of Research In Motion, Inc.\r\nCVE-2012-3615 : Stephen Chenney of the Chromium development community\r\nCVE-2012-3617 : Apple Product Security\r\nCVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3624 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3625 : Skylined of Google Chrome Security Team\r\nCVE-2012-3626 : Apple Product Security\r\nCVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome\r\nSecurity team\r\nCVE-2012-3628 : Apple Product Security\r\nCVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3633 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3634 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3635 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3636 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3637 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3638 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3639 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3640 : miaubiz\r\nCVE-2012-3641 : Slawomir Blazek\r\nCVE-2012-3642 : miaubiz\r\nCVE-2012-3644 : miaubiz\r\nCVE-2012-3645 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3646 : Julien Chaffraix of the Chromium development\r\ncommunity, Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3647 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the\r\nGoogle Chrome Security Team\r\nCVE-2012-3652 : Martin Barbella of Google Chrome Security Team\r\nCVE-2012-3653 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3655 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3658 : Apple\r\nCVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya\r\n(Inferno) of the Google Chrome Security Team\r\nCVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3661 : Apple Product Security\r\nCVE-2012-3663 : Skylined of Google Chrome Security Team\r\nCVE-2012-3664 : Thomas Sepez of the Chromium development community\r\nCVE-2012-3665 : Martin Barbella of Google Chrome Security Team using\r\nAddressSanitizer\r\nCVE-2012-3666 : Apple\r\nCVE-2012-3667 : Trevor Squires of propaneapp.com\r\nCVE-2012-3668 : Apple Product Security\r\nCVE-2012-3669 : Apple Product Security\r\nCVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam, Arthur Gerkis\r\nCVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome\r\nSecurity Team\r\nCVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security\r\nTeam\r\nCVE-2012-3674 : Skylined of Google Chrome Security Team\r\nCVE-2012-3676 : Julien Chaffraix of the Chromium development\r\ncommunity\r\nCVE-2012-3677 : Apple\r\nCVE-2012-3678 : Apple Product Security\r\nCVE-2012-3679 : Chris Leary of Mozilla\r\nCVE-2012-3680 : Skylined of Google Chrome Security Team\r\nCVE-2012-3681 : Apple\r\nCVE-2012-3682 : Adam Barth of the Google Chrome Security Team\r\nCVE-2012-3683 : wushi of team509 working with iDefense VCP\r\nCVE-2012-3684 : kuzzcc\r\nCVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)\r\nCVE-2012-3703 : Apple Product Security\r\nCVE-2012-3704 : Skylined of the Google Chrome Security Team\r\nCVE-2012-3706 : Apple Product Security\r\nCVE-2012-3708 : Apple\r\nCVE-2012-3710 : James Robinson of Google\r\nCVE-2012-3747 : David Bloom of Cue\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of CSS\r\nproperty values. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2012-3691 : Apple\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: A malicious website may be able to replace the contents of\r\nan iframe on another site\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nin popup windows. This issue was addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-3067 : Sergey Glazunov\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS, iPhone 4, iPhone 4S,\r\niPod touch (3rd generation) and later, iPad, iPad 2\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite disclosure of information\r\nDescription: A cross-origin issue existed in the handling of iframes\r\nand fragment identifiers. This issue was addressed through improved\r\norigin tracking.\r\nCVE-ID\r\nCVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,\r\nand Dan Boneh of the Stanford University Security Laboratory\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Look-alike characters in a URL could be used to masquerade a\r\nwebsite\r\nDescription: The International Domain Name (IDN) support and Unicode\r\nfonts embedded in Safari could have been used to create a URL which\r\ncontains look-alike characters. These could have been used in a\r\nmalicious website to direct the user to a spoofed site that visually\r\nappears to be a legitimate domain. This issue was addressed by\r\nsupplementing WebKit's list of known look-alike characters. Look-\r\nalike characters are rendered in Punycode in the address bar.\r\nCVE-ID\r\nCVE-2012-3693 : Matt Cooley of Symantec\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A canonicalization issue existed in the handling of\r\nURLs. This may have led to cross-site scripting on sites which use\r\nthe location.href property. This issue was addressed through improved\r\ncanonicalization of URLs.\r\nCVE-ID\r\nCVE-2012-3695 : Masato Kinugawa\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to HTTP\r\nrequest splitting\r\nDescription: An HTTP header injection issue existed in the handling\r\nof WebSockets. This issue was addressed through improved WebSockets\r\nURI sanitization.\r\nCVE-ID\r\nCVE-2012-3696 : David Belcher of the BlackBerry Security Incident\r\nResponse Team\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: A maliciously crafted website may be able to spoof the value\r\nin the URL bar\r\nDescription: A state management issue existed in the handling of\r\nsession history. Navigations to a fragment on the current page may\r\ncause Safari to display incorrect information in the URL bar. This\r\nissue was addressed through improved session state tracking.\r\nCVE-ID\r\nCVE-2011-2845 : Jordi Chancel\r\n\r\nWebKit\r\nAvailable for: iPhone 3GS and later,\r\niPod touch (4th generation) and later, iPad 2 and later\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of the disclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in the\r\nhandling of SVG images. This issue was addressed through improved\r\nmemory initialization.\r\nCVE-ID\r\nCVE-2012-3650 : Apple\r\n\r\n\r\nInstallation note:\r\n\r\nThis update is available through iTunes and Software Update on your\r\niOS device, and will not appear in your computer's Software Update\r\napplication, or in the Apple Downloads site. Make sure you have an\r\nInternet connection and have installed the latest version of iTunes\r\nfrom www.apple.com/itunes/\r\n\r\niTunes and Software Update on the device will automatically check\r\nApple's update server on its weekly schedule. When an update is\r\ndetected, it is downloaded and the option to be installed is\r\npresented to the user when the iOS device is docked. We recommend\r\napplying the update immediately if possible. Selecting Don't Install\r\nwill present the option the next time you connect your iOS device.\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes or the device checks for updates. You may manually\r\nobtain the update via the Check for Updates button within iTunes, or\r\nthe Software Update on your device.\r\n\r\nTo check that the iPhone, iPod touch, or iPad has been updated:\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be "6.0".\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo\r\n3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5\r\nTZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0\r\n8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9\r\nn4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP\r\ndWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs\r\nJXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP\r\nid6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T\r\nxL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp\r\nRqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj\r\nbmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP\r\nXtT4lS60xKz63YSg79dd\r\n=LvMt\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-09-24T00:00:00", "published": "2012-09-24T00:00:00", "id": "SECURITYVULNS:DOC:28576", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28576", "title": "APPLE-SA-2012-09-19-1 iOS 6", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
