Lucene search

K
gentooGentoo FoundationGLSA-201201-09
HistoryJan 23, 2012 - 12:00 a.m.

FreeType: Multiple vulnerabilities

2012-01-2300:00:00
Gentoo Foundation
security.gentoo.org
17

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.513 Medium

EPSS

Percentile

97.6%

Background

FreeType is a high-quality and portable font engine.

Description

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All FreeType users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/freetype< 2.4.8UNKNOWN

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.513 Medium

EPSS

Percentile

97.6%