ID OPENVAS:71269 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-04-10T00:00:00
Description
The remote host is missing an update to the system
as announced in the referenced advisory.
#
#VID 380e8c56-8e32-11e1-9580-4061862b8c22
# OpenVAS Vulnerability Test
# $
# Description: Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "The following packages are affected:
firefox
linux-firefox
linux-seamonkey
linux-thunderbird
seamonkey
thunderbird
libxul
CVE-2011-1187
Google Chrome before 10.0.648.127 allows remote attackers to bypass
the Same Origin Policy via unspecified vectors, related to an 'error
message leak.'
CVE-2011-3062
Off-by-one error in the OpenType Sanitizer in Google Chrome before
18.0.1025.142 allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted OpenType file.
CVE-2012-0467
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird
5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
CVE-2012-0468
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird
5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to
cause a denial of service (assertion failure and memory corruption) or
possibly execute arbitrary code via vectors related to jsval.h and the
js::array_shift function.
CVE-2012-0469
Use-after-free vulnerability in the
mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function
in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
SeaMonkey before 2.9 allows remote attackers to execute arbitrary code
via vectors related to crafted IndexedDB data.
CVE-2012-0470
Heap-based buffer overflow in the
nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox
4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0
through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before
2.9 allows remote attackers to cause a denial of service (invalid
gfxImageSurface free operation) or possibly execute arbitrary code by
leveraging the use of 'different number systems.'
CVE-2012-0471
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x
through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9
allows remote attackers to inject arbitrary web script or HTML via a
multibyte character set.
CVE-2012-0472
The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0,
Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,
Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when
certain Windows Vista and Windows 7 configurations are used, does not
properly restrict font-rendering attempts, which allows remote
attackers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via unspecified vectors.
CVE-2012-0473
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x
through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through
11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9
calls the FindMaxElementInSubArray function with incorrect template
arguments, which allows remote attackers to obtain sensitive
information from video memory via a crafted WebGL.drawElements call.
CVE-2012-0474
Cross-site scripting (XSS) vulnerability in the docshell
implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x
before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x
before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to
inject arbitrary web script or HTML via vectors related to
short-circuited page loads, aka 'Universal XSS (UXSS).'
CVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and
SeaMonkey before 2.9 do not properly construct the Origin and
Sec-WebSocket-Origin HTTP headers, which might allow remote attackers
to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or
(2) WebSocket operation involving a nonstandard port number and an
IPv6 address that contains certain zero fields.
CVE-2012-0477
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox
4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0
through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before
2.9 allow remote attackers to inject arbitrary web script or HTML via
the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
CVE-2012-0478
The texImage2D implementation in the WebGL subsystem in Mozilla
Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird
5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey
before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which
might allow remote attackers to execute arbitrary code via a crafted
web page.
CVE-2012-0479
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,
Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and
SeaMonkey before 2.9 allow remote attackers to spoof the address bar
via an https URL for invalid (1) RSS or (2) Atom XML content.
CVE-2012-1126
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a BDF
font.
CVE-2012-1127
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font.
CVE-2012-1128
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (NULL pointer dereference and memory corruption) or possibly
execute arbitrary code via a crafted TrueType font.
CVE-2012-1129
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted SFNT string in a Type 42
font.
CVE-2012-1130
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted property data in a PCF
font.
CVE-2012-1131
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, on 64-bit platforms allows remote attackers to
cause a denial of service (invalid heap read operation and memory
corruption) or possibly execute arbitrary code via vectors related to
the cell table of a font.
CVE-2012-1132
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via crafted dictionary data in a Type
1 font.
CVE-2012-1133
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font.
CVE-2012-1134
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted private-dictionary data in
a Type 1 font.
CVE-2012-1135
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via vectors involving the NPUSHB and
NPUSHW instructions in a TrueType font.
CVE-2012-1136
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph or bitmap data in a
BDF font that lacks an ENCODING field.
CVE-2012-1137
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted header in a BDF font.
CVE-2012-1138
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via vectors involving the MIRP
instruction in a TrueType font.
CVE-2012-1139
Array index error in FreeType before 2.4.9, as used in Mozilla Firefox
Mobile before 10.0.4 and other products, allows remote attackers to
cause a denial of service (invalid stack read operation and memory
corruption) or possibly execute arbitrary code via crafted glyph data
in a BDF font.
CVE-2012-1140
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted PostScript font object.
CVE-2012-1141
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap read operation and memory corruption) or
possibly execute arbitrary code via a crafted ASCII string in a BDF
font.
CVE-2012-1142
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via crafted glyph-outline data in a
font.
CVE-2012-1143
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (divide-by-zero error) via a crafted font.
CVE-2012-1144
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4
and other products, allows remote attackers to cause a denial of
service (invalid heap write operation and memory corruption) or
possibly execute arbitrary code via a crafted TrueType font.";
tag_solution = "Update your system with the appropriate patches or
software upgrades.
http://www.mozilla.org/security/announce/2012/mfsa2012-20.html
http://www.mozilla.org/security/announce/2012/mfsa2012-21.html
http://www.mozilla.org/security/announce/2012/mfsa2012-22.html
http://www.mozilla.org/security/announce/2012/mfsa2012-23.html
http://www.mozilla.org/security/announce/2012/mfsa2012-24.html
http://www.mozilla.org/security/announce/2012/mfsa2012-25.html
http://www.mozilla.org/security/announce/2012/mfsa2012-26.html
http://www.mozilla.org/security/announce/2012/mfsa2012-27.html
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html
http://www.mozilla.org/security/announce/2012/mfsa2012-29.html
http://www.mozilla.org/security/announce/2012/mfsa2012-30.html
http://www.mozilla.org/security/announce/2012/mfsa2012-31.html
http://www.mozilla.org/security/announce/2012/mfsa2012-32.html
http://www.mozilla.org/security/announce/2012/mfsa2012-33.html
http://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html";
tag_summary = "The remote host is missing an update to the system
as announced in the referenced advisory.";
if(description)
{
script_id(71269);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2011-1187", "CVE-2011-3062", "CVE-2012-0467", "CVE-2012-0468", "CVE-2012-0469", "CVE-2012-0470", "CVE-2012-0471", "CVE-2012-0472", "CVE-2012-0473", "CVE-2012-0474", "CVE-2012-0475", "CVE-2012-0477", "CVE-2012-0478", "CVE-2012-0479", "CVE-2012-1126", "CVE-2012-1127", "CVE-2012-1128", "CVE-2012-1129", "CVE-2012-1130", "CVE-2012-1131", "CVE-2012-1132", "CVE-2012-1133", "CVE-2012-1134", "CVE-2012-1135", "CVE-2012-1136", "CVE-2012-1137", "CVE-2012-1138", "CVE-2012-1139", "CVE-2012-1140", "CVE-2012-1141", "CVE-2012-1142", "CVE-2012-1143", "CVE-2012-1144");
script_version("$Revision: 5912 $");
script_tag(name:"last_modification", value:"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $");
script_tag(name:"creation_date", value:"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)");
script_name("FreeBSD Ports: firefox");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsdrel", "login/SSH/success");
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-bsd.inc");
vuln = 0;
txt = "";
bver = portver(pkg:"firefox");
if(!isnull(bver) && revcomp(a:bver, b:"11.0,1")>0 && revcomp(a:bver, b:"12.0,1")<0) {
txt += "Package firefox version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4,1")<0) {
txt += "Package firefox version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"linux-firefox");
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4,1")<0) {
txt += "Package linux-firefox version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"linux-seamonkey");
if(!isnull(bver) && revcomp(a:bver, b:"2.9")<0) {
txt += "Package linux-seamonkey version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"linux-thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4")<0) {
txt += "Package linux-thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"seamonkey");
if(!isnull(bver) && revcomp(a:bver, b:"2.9")<0) {
txt += "Package seamonkey version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"thunderbird");
if(!isnull(bver) && revcomp(a:bver, b:"11.0")>0 && revcomp(a:bver, b:"12.0")<0) {
txt += "Package thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
if(!isnull(bver) && revcomp(a:bver, b:"10.0.4")<0) {
txt += "Package thunderbird version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
bver = portver(pkg:"libxul");
if(!isnull(bver) && revcomp(a:bver, b:"1.9.2")>0 && revcomp(a:bver, b:"10.0.4")<0) {
txt += "Package libxul version " + bver + " is installed which is known to be vulnerable.\n";
vuln = 1;
}
if(vuln) {
security_message(data:string(txt ));
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "FreeBSD Local Security Checks", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "02be62ae5d16a3099bce68e7cd24959d"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "b61b488598bc075b85e0c3d5f67ea70d"}, {"key": "href", "hash": "bd229c8c1bb163dd5f87e9034e6a146b"}, {"key": "modified", "hash": "65af6292acecbb34e300af13aeaff5e3"}, {"key": "naslFamily", "hash": "fe45aa727b58c1249bf04cfb7b4e6ae0"}, {"key": "pluginID", "hash": "87eaf8555c35ab6637bbdd674f6f60a9"}, {"key": "published", "hash": "f8cab38eed862b5657b7f77af3c2e996"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "e34e2f978e4314ac3276e0e621a2704e"}, {"key": "sourceData", "hash": "1815e52a33362b24d974bb2e1759d4e3"}, {"key": "title", "hash": "33a96bbddb4721f6ad3e7d65027e6ad8"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=71269", "modified": "2017-04-10T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 8.3, "vector": "NONE", "modified": "2017-07-02T21:10:45"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:136141256231071269", "OPENVAS:136141256231071283", "OPENVAS:136141256231071314", "OPENVAS:1361412562310831659", "OPENVAS:865262", "OPENVAS:1361412562310865262", "OPENVAS:71283", "OPENVAS:850176", "OPENVAS:1361412562310840959", "OPENVAS:71314"]}, {"type": "nessus", "idList": ["SOLARIS11_FREETYPE_20141107_2.NASL", "GENTOO_GLSA-201204-04.NASL", "FREEBSD_PKG_380E8C568E3211E195804061862B8C22.NASL", "OPENSUSE-2012-220.NASL", "UBUNTU_USN-1403-1.NASL", "MANDRIVA_MDVSA-2012-057.NASL", "SUSE_11_FREETYPE2-120328.NASL", "FREEBSD_PKG_462E2D6C801711E1A571BCAEC565249C.NASL", "UBUNTU_USN-1430-1.NASL", "UBUNTU_USN-1430-3.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12355"]}, {"type": "freebsd", "idList": ["380E8C56-8E32-11E1-9580-4061862B8C22", "462E2D6C-8017-11E1-A571-BCAEC565249C"]}, {"type": "mozilla", "idList": ["MFSA2012-21"]}, {"type": "gentoo", "idList": ["GLSA-201204-04"]}, {"type": "ubuntu", "idList": ["USN-1403-1", "USN-1430-1", "USN-1430-3", "USN-1430-2"]}, {"type": "suse", "idList": ["SUSE-SU-2012:0484-1", "OPENSUSE-SU-2012:0489-1", "SUSE-SU-2012:0483-1", "SUSE-SU-2012:0483-2", "SUSE-SU-2012:0521-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0516", "ELSA-2012-0515", "ELSA-2012-0467"]}, {"type": "redhat", "idList": ["RHSA-2012:0515", "RHSA-2012:0516", "RHSA-2012:0467"]}, {"type": "centos", "idList": ["CESA-2012:0516", "CESA-2012:0515"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2428-1:A1E46"]}], "modified": "2017-07-02T21:10:45"}, "vulnersScore": 8.3}, "id": "OPENVAS:71269", "title": "FreeBSD Ports: firefox", "hash": "b60f6c13140aec1ddcde36aa492ffeee4185c997dc825e5e543c5a61cc643971", "edition": 1, "published": "2012-04-30T00:00:00", "type": "openvas", "history": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2012-0478", "CVE-2012-1140", "CVE-2012-1131", "CVE-2012-1136", "CVE-2012-0479", "CVE-2012-1138", "CVE-2012-1127", "CVE-2012-0470", "CVE-2012-1126", "CVE-2012-1141", "CVE-2012-1130", "CVE-2012-1135", "CVE-2012-1144", "CVE-2012-1133", "CVE-2012-0472", "CVE-2012-1134", "CVE-2012-0469", "CVE-2012-1139", "CVE-2012-0475", "CVE-2012-0474", "CVE-2012-1132", "CVE-2012-1142", "CVE-2011-1187", "CVE-2012-0468", "CVE-2012-1128", "CVE-2012-1129", "CVE-2011-3062", "CVE-2012-0477", "CVE-2012-0473", "CVE-2012-1143", "CVE-2012-0467", "CVE-2012-0471", "CVE-2012-1137"], "lastseen": "2017-07-02T21:10:45", "sourceData": "#\n#VID 380e8c56-8e32-11e1-9580-4061862b8c22\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n firefox\n linux-firefox\n linux-seamonkey\n linux-thunderbird\n seamonkey\n thunderbird\n libxul\n\nCVE-2011-1187\nGoogle Chrome before 10.0.648.127 allows remote attackers to bypass\nthe Same Origin Policy via unspecified vectors, related to an 'error\nmessage leak.'\nCVE-2011-3062\nOff-by-one error in the OpenType Sanitizer in Google Chrome before\n18.0.1025.142 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted OpenType file.\nCVE-2012-0467\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia unknown vectors.\nCVE-2012-0468\nThe browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird\n5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to\ncause a denial of service (assertion failure and memory corruption) or\npossibly execute arbitrary code via vectors related to jsval.h and the\njs::array_shift function.\nCVE-2012-0469\nUse-after-free vulnerability in the\nmozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function\nin Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allows remote attackers to execute arbitrary code\nvia vectors related to crafted IndexedDB data.\nCVE-2012-0470\nHeap-based buffer overflow in the\nnsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox\n4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0\nthrough 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before\n2.9 allows remote attackers to cause a denial of service (invalid\ngfxImageSurface free operation) or possibly execute arbitrary code by\nleveraging the use of 'different number systems.'\nCVE-2012-0471\nCross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x\nthrough 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through\n11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9\nallows remote attackers to inject arbitrary web script or HTML via a\nmultibyte character set.\nCVE-2012-0472\nThe cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0,\nFirefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0,\nThunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when\ncertain Windows Vista and Windows 7 configurations are used, does not\nproperly restrict font-rendering attempts, which allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nexecute arbitrary code via unspecified vectors.\nCVE-2012-0473\nThe WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x\nthrough 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through\n11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9\ncalls the FindMaxElementInSubArray function with incorrect template\narguments, which allows remote attackers to obtain sensitive\ninformation from video memory via a crafted WebGL.drawElements call.\nCVE-2012-0474\nCross-site scripting (XSS) vulnerability in the docshell\nimplementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x\nbefore 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x\nbefore 10.0.4, and SeaMonkey before 2.9 allows remote attackers to\ninject arbitrary web script or HTML via vectors related to\nshort-circuited page loads, aka 'Universal XSS (UXSS).'\nCVE-2012-0475\nMozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and\nSeaMonkey before 2.9 do not properly construct the Origin and\nSec-WebSocket-Origin HTTP headers, which might allow remote attackers\nto bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or\n(2) WebSocket operation involving a nonstandard port number and an\nIPv6 address that contains certain zero fields.\nCVE-2012-0477\nMultiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox\n4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0\nthrough 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before\n2.9 allow remote attackers to inject arbitrary web script or HTML via\nthe (1) ISO-2022-KR or (2) ISO-2022-CN character set.\nCVE-2012-0478\nThe texImage2D implementation in the WebGL subsystem in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which\nmight allow remote attackers to execute arbitrary code via a crafted\nweb page.\nCVE-2012-0479\nMozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allow remote attackers to spoof the address bar\nvia an https URL for invalid (1) RSS or (2) Atom XML content.\nCVE-2012-1126\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a BDF\nfont.\nCVE-2012-1127\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1128\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and memory corruption) or possibly\nexecute arbitrary code via a crafted TrueType font.\nCVE-2012-1129\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted SFNT string in a Type 42\nfont.\nCVE-2012-1130\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a PCF\nfont.\nCVE-2012-1131\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, on 64-bit platforms allows remote attackers to\ncause a denial of service (invalid heap read operation and memory\ncorruption) or possibly execute arbitrary code via vectors related to\nthe cell table of a font.\nCVE-2012-1132\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted dictionary data in a Type\n1 font.\nCVE-2012-1133\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1134\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted private-dictionary data in\na Type 1 font.\nCVE-2012-1135\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the NPUSHB and\nNPUSHW instructions in a TrueType font.\nCVE-2012-1136\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font that lacks an ENCODING field.\nCVE-2012-1137\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted header in a BDF font.\nCVE-2012-1138\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via vectors involving the MIRP\ninstruction in a TrueType font.\nCVE-2012-1139\nArray index error in FreeType before 2.4.9, as used in Mozilla Firefox\nMobile before 10.0.4 and other products, allows remote attackers to\ncause a denial of service (invalid stack read operation and memory\ncorruption) or possibly execute arbitrary code via crafted glyph data\nin a BDF font.\nCVE-2012-1140\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted PostScript font object.\nCVE-2012-1141\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted ASCII string in a BDF\nfont.\nCVE-2012-1142\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph-outline data in a\nfont.\nCVE-2012-1143\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (divide-by-zero error) via a crafted font.\nCVE-2012-1144\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap write operation and memory corruption) or\npossibly execute arbitrary code via a crafted TrueType font.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-20.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-21.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-22.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-23.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-24.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-25.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-26.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-27.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-28.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-29.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-30.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-31.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-32.html\nhttp://www.mozilla.org/security/announce/2012/mfsa2012-33.html\nhttp://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(71269);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 5912 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-10 11:01:51 +0200 (Mon, 10 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: firefox\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0,1\")>0 && revcomp(a:bver, b:\"12.0,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package linux-firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package linux-seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package linux-thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0\")>0 && revcomp(a:bver, b:\"12.0\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package libxul version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "71269"}
{"openvas": [{"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071269", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071269", "title": "FreeBSD Ports: firefox", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_firefox65.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71269\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n firefox\n linux-firefox\n linux-seamonkey\n linux-thunderbird\n seamonkey\n thunderbird\n libxul\n\nCVE-2011-1187\nGoogle Chrome before 10.0.648.127 allows remote attackers to bypass\nthe Same Origin Policy via unspecified vectors, related to an 'error\nmessage leak.'\nCVE-2011-3062\nOff-by-one error in the OpenType Sanitizer in Google Chrome before\n18.0.1025.142 allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted OpenType file.\nCVE-2012-0467\nMultiple unspecified vulnerabilities in the browser engine in Mozilla\nFirefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird\n5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey\nbefore 2.9 allow remote attackers to cause a denial of service (memory\ncorruption and application crash) or possibly execute arbitrary code\nvia unknown vectors.\nCVE-2012-0468\nThe browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird\n5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to\ncause a denial of service (assertion failure and memory corruption) or\npossibly execute arbitrary code via vectors related to jsval.h and the\njs::array_shift function.\nCVE-2012-0469\nUse-after-free vulnerability in the\nmozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function\nin Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4,\nThunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and\nSeaMonkey before 2.9 allows remote attackers to execute arbitrary code\nvia vectors related to crafted IndexedDB data.\n\nText truncated. Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-21.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0,1\")>0 && revcomp(a:bver, b:\"12.0,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-firefox\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4,1\")<0) {\n txt += \"Package linux-firefox version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package linux-seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"linux-thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package linux-thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"seamonkey\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.9\")<0) {\n txt += \"Package seamonkey version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"thunderbird\");\nif(!isnull(bver) && revcomp(a:bver, b:\"11.0\")>0 && revcomp(a:bver, b:\"12.0\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package thunderbird version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"libxul\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.2\")>0 && revcomp(a:bver, b:\"10.0.4\")<0) {\n txt += \"Package libxul version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071283", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071283", "title": "FreeBSD Ports: freetype2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_freetype25.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID 462e2d6c-8017-11e1-a571-bcaec565249c\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71283\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:26 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"FreeBSD Ports: freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: freetype2\n\nCVE-2012-1126\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a BDF\nfont.\nCVE-2012-1127\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted glyph or bitmap data in a\nBDF font.\nCVE-2012-1128\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (NULL pointer dereference and memory corruption) or possibly\nexecute arbitrary code via a crafted TrueType font.\nCVE-2012-1129\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via a crafted SFNT string in a Type 42\nfont.\nCVE-2012-1130\nFreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4\nand other products, allows remote attackers to cause a denial of\nservice (invalid heap read operation and memory corruption) or\npossibly execute arbitrary code via crafted property data in a PCF\nfont.\n\nText truncated. Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=806270\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"freetype2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.9\")<0) {\n txt += \"Package freetype2 version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:39", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-04.", "modified": "2018-10-12T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071314", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071314", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201204_04.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71314\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\");\n script_tag(name:\"solution\", value:\"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=407257\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831659", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831659\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in FreeType. Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-12-13T00:00:00", "id": "OPENVAS:1361412562310850176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850176", "title": "SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0489_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850176\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:30 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"openSUSE-SU\", value:\"2012:0489_1\");\n script_name(\"SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'freetype2'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE12\\.1)\");\n script_tag(name:\"affected\", value:\"freetype2 on openSUSE 12.1, openSUSE 11.4\");\n script_tag(name:\"insight\", value:\"Specially crafted font files could cause buffer overflows\n in freetype\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:07:51", "bulletinFamily": "scanner", "description": "Check for the Version of freetype2", "modified": "2018-01-04T00:00:00", "published": "2012-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831659", "id": "OPENVAS:831659", "title": "Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple flaws were found in FreeType. Specially crafted files\n could cause application crashes or potentially execute arbitrary\n code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\n CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\n CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\n CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\n CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"freetype2 on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:057\");\n script_id(831659);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:59:00 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2012:057\");\n script_name(\"Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.4.5~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.7~1.10mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-demos\", rpm:\"freetype2-demos~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-devel\", rpm:\"libfreetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-static-devel\", rpm:\"libfreetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6\", rpm:\"lib64freetype6~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-devel\", rpm:\"lib64freetype6-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64freetype6-static-devel\", rpm:\"lib64freetype6-static-devel~2.3.12~1.9mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:20:10", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2017-12-01T00:00:00", "published": "2012-03-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840959", "id": "OPENVAS:840959", "title": "Ubuntu Update for freetype USN-1403-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n \n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n \n Mateusz Jurczyk discovere ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\";\ntag_affected = \"freetype on Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_id(840959);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name: \"USN\", value: \"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:28", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 201204-04.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=71314", "id": "OPENVAS:71314", "title": "Gentoo Security Advisory GLSA 201204-04 (FreeType)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in FreeType, allowing\n remote attackers to possibly execute arbitrary code or cause Denial of\n Service.\";\ntag_solution = \"All FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201204-04\nhttp://bugs.gentoo.org/show_bug.cgi?id=407257\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201204-04.\";\n\n \n \nif(description)\n{\n script_id(71314);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:59:57 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201204-04 (FreeType)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"media-libs/freetype\", unaffected: make_list(\"ge 2.4.9\"), vulnerable: make_list(\"lt 2.4.9\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:58:40", "bulletinFamily": "scanner", "description": "Check for the Version of freetype2", "modified": "2018-01-03T00:00:00", "published": "2012-12-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850176", "id": "OPENVAS:850176", "title": "SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2012_0489_1.nasl 8273 2018-01-03 06:29:19Z teissa $\n#\n# SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"freetype2 on openSUSE 12.1, openSUSE 11.4\";\ntag_insight = \"Specially crafted font files could cause buffer overflows\n in freetype\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850176);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-13 17:01:30 +0530 (Thu, 13 Dec 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\",\n \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\",\n \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\",\n \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\",\n \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"openSUSE-SU\", value: \"2012:0489_1\");\n script_name(\"SuSE Update for freetype2 openSUSE-SU-2012:0489-1 (freetype2)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of freetype2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.4~7.24.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE12.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"freetype2-debugsource\", rpm:\"freetype2-debugsource~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel\", rpm:\"freetype2-devel~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6\", rpm:\"libfreetype6~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo\", rpm:\"libfreetype6-debuginfo~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"freetype2-devel-32bit\", rpm:\"freetype2-devel-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-32bit\", rpm:\"libfreetype6-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-32bit\", rpm:\"libfreetype6-debuginfo-32bit~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-debuginfo-x86\", rpm:\"libfreetype6-debuginfo-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libfreetype6-x86\", rpm:\"libfreetype6-x86~2.4.7~6.1\", rls:\"openSUSE12.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1403-1", "modified": "2019-03-13T00:00:00", "published": "2012-03-26T00:00:00", "id": "OPENVAS:1361412562310840959", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840959", "title": "Ubuntu Update for freetype USN-1403-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1403_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for freetype USN-1403-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1403-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840959\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-26 14:17:20 +0530 (Mon, 26 Mar 2012)\");\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_xref(name:\"USN\", value:\"1403-1\");\n script_name(\"Ubuntu Update for freetype USN-1403-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.10|11\\.04|8\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1403-1\");\n script_tag(name:\"affected\", value:\"freetype on Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS,\n Ubuntu 8.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1128)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type42 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1129)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed PCF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1131)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1132)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed BDF font files. If a user were tricked into using a specially crafted\n font file, a remote attacker could cause FreeType to crash or possibly execute\n arbitrary code with user privileges. (CVE-2012-1133)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed Type1 font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash or possibly\n execute arbitrary code with user privileges. (CVE-2012-1134)\n\n Mateusz Jurczyk discovered that FreeType did not correctly handle certain\n malformed TrueType font files. If a user were tricked into using a specially\n crafted font file, a remote attacker could cause FreeType to crash.\n (CVE-2012-1135)\n\n Mateusz Jurczyk discovere ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.11-1ubuntu2.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-2ubuntu1.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.4.4-1ubuntu2.3\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libfreetype6\", ver:\"2.3.5-1ubuntu4.8.04.9\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:50", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\nMFSA 2012-22 use-after-free in IDBKeyRange\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\nMFSA 2012-24 Potential XSS via multibyte content processing errors\nMFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\nMFSA 2012-27 Page load short-circuit can lead to XSS\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\nMFSA 2012-30 Crash with WebGL content using textImage2D\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\nMFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors\nMFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds\n\n", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "380E8C56-8E32-11E1-9580-4061862B8C22", "href": "https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "description": "\nThe Freetype project reports:\n\nMultiple vulnerabilities exist in freetype that can result in\n\t application crashes and remote code execution. Please review\n\t the details in each of the CVEs for additional information.\n\n", "modified": "2012-03-08T00:00:00", "published": "2012-03-08T00:00:00", "id": "462E2D6C-8017-11E1-A571-BCAEC565249C", "href": "https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html", "title": "freetype -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-02-21T01:16:35", "bulletinFamily": "scanner", "description": "The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by JavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_380E8C568E3211E195804061862B8C22.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58864", "published": "2012-04-25T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58864);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/21 10:46:30\");\n\n script_cve_id(\"CVE-2011-1187\", \"CVE-2011-3062\", \"CVE-2012-0467\", \"CVE-2012-0468\", \"CVE-2012-0469\", \"CVE-2012-0470\", \"CVE-2012-0471\", \"CVE-2012-0472\", \"CVE-2012-0473\", \"CVE-2012-0474\", \"CVE-2012-0475\", \"CVE-2012-0477\", \"CVE-2012-0478\", \"CVE-2012-0479\", \"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)\n\nMFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9\n\nMFSA 2012-22 use-after-free in IDBKeyRange\n\nMFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface\n\nMFSA 2012-24 Potential XSS via multibyte content processing errors\n\nMFSA 2012-25 Potential memory corruption during font rendering using\ncairo-dwrite\n\nMFSA 2012-26 WebGL.drawElements may read illegal video memory due to\nFindMaxUshortElement error\n\nMFSA 2012-27 Page load short-circuit can lead to XSS\n\nMFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver\naccess restrictions\n\nMFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding\nissues\n\nMFSA 2012-30 Crash with WebGL content using textImage2D\n\nMFSA 2012-31 Off-by-one error in OpenType Sanitizer\n\nMFSA 2012-32 HTTP Redirections and remote content can be read by\nJavaScript errors\n\nMFSA 2012-33 Potential site identity spoofing when loading RSS and\nAtom feeds\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-20.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-21.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-21/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-23.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-25.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-25/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-26.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-27.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-28.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-29.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-32.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\"\n );\n # http://www.mozilla.org/security/announce/2012/mfsa2012-33.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\"\n );\n # https://vuxml.freebsd.org/freebsd/380e8c56-8e32-11e1-9580-4061862b8c22.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09c4f784\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox>11.0,1<12.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<10.0.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird>11.0<12.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<10.0.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul>1.9.2.*<10.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:51", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201204-04 (FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-201204-04.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=59620", "published": "2012-06-21T00:00:00", "title": "GLSA-201204-04 : FreeType: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201204-04.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59620);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/11 17:09:26\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"GLSA\", value:\"201204-04\");\n\n script_name(english:\"GLSA-201204-04 : FreeType: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201204-04\n(FreeType: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in FreeType. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted font,\n possibly resulting in execution of arbitrary code with the privileges of\n the user running the application, or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201204-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All FreeType users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.9'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:freetype\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/freetype\", unaffected:make_list(\"ge 2.4.9\"), vulnerable:make_list(\"lt 2.4.9\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"FreeType\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:23:14", "bulletinFamily": "scanner", "description": "The remote Solaris system is missing necessary patches to address security updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. (CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. (CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. (CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. (CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. (CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. (CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. (CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)", "modified": "2018-11-15T00:00:00", "id": "SOLARIS11_FREETYPE_20141107_2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80616", "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80616);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : freetype (multiple_denial_of_service_dos1)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n BDF font. (CVE-2012-1126)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1127)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (NULL pointer\n dereference and memory corruption) or possibly execute\n arbitrary code via a crafted TrueType font.\n (CVE-2012-1128)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted SFNT string in a\n Type 42 font. (CVE-2012-1129)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted property data in a\n PCF font. (CVE-2012-1130)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, on 64-bit platforms\n allows remote attackers to cause a denial of service\n (invalid heap read operation and memory corruption) or\n possibly execute arbitrary code via vectors related to\n the cell table of a font. (CVE-2012-1131)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via crafted dictionary data in a\n Type 1 font. (CVE-2012-1132)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font. (CVE-2012-1133)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted private-dictionary\n data in a Type 1 font. (CVE-2012-1134)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the NPUSHB\n and NPUSHW instructions in a TrueType font.\n (CVE-2012-1135)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph or bitmap data\n in a BDF font that lacks an ENCODING field.\n (CVE-2012-1136)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted header in a BDF\n font. (CVE-2012-1137)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via vectors involving the MIRP\n instruction in a TrueType font. (CVE-2012-1138)\n\n - Array index error in FreeType before 2.4.9, as used in\n Mozilla Firefox Mobile before 10.0.4 and other products,\n allows remote attackers to cause a denial of service\n (invalid stack read operation and memory corruption) or\n possibly execute arbitrary code via crafted glyph data\n in a BDF font. (CVE-2012-1139)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted PostScript font\n object. (CVE-2012-1140)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n read operation and memory corruption) or possibly\n execute arbitrary code via a crafted ASCII string in a\n BDF font. (CVE-2012-1141)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via crafted glyph-outline data in\n a font. (CVE-2012-1142)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (divide-by-zero\n error) via a crafted font. (CVE-2012-1143)\n\n - FreeType before 2.4.9, as used in Mozilla Firefox Mobile\n before 10.0.4 and other products, allows remote\n attackers to cause a denial of service (invalid heap\n write operation and memory corruption) or possibly\n execute arbitrary code via a crafted TrueType font.\n (CVE-2012-1144)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/multiple-denial-of-service-dos-vulnerabilities-in-freetype\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2a790f4c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 8.5.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:freetype\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^freetype-\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.0.8.0.5.0\", sru:\"SRU 8.5\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : freetype\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_hole(port:0, extra:error_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"freetype\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:30", "bulletinFamily": "scanner", "description": "The Freetype project reports :\n\nMultiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_462E2D6C801711E1A571BCAEC565249C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58641", "published": "2012-04-09T00:00:00", "title": "FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58641);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:43\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Freetype project reports :\n\nMultiple vulnerabilities exist in freetype that can result in\napplication crashes and remote code execution. Please review the\ndetails in each of the CVEs for additional information.\"\n );\n # https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?131c7cfe\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=806270\"\n );\n # https://vuxml.freebsd.org/freebsd/462e2d6c-8017-11e1-a571-bcaec565249c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?58b009d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"freetype2<2.4.9\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:31", "bulletinFamily": "scanner", "description": "Specially crafted font files could have caused buffer overflows in freetype. This has been fixed.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_FREETYPE2-120328.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58720", "published": "2012-04-12T00:00:00", "title": "SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58720);\n script_version(\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:53 $\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted font files could have caused buffer overflows in\nfreetype. This has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=750955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1126.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1128.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1135.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1136.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1137.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1138.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1140.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1141.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6052.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:ft2demos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-devel-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"freetype2-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"ft2demos-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"freetype2-32bit-2.3.7-25.30.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:51:53", "bulletinFamily": "scanner", "description": "Specially crafted font files could cause buffer overflows in freetype", "modified": "2018-11-10T00:00:00", "published": "2014-06-13T00:00:00", "id": "OPENSUSE-2012-220.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=74597", "title": "openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-220.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74597);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/11/10 11:50:00\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n\n script_name(english:\"openSUSE Security Update : freetype2 (openSUSE-SU-2012:0489-1)\");\n script_summary(english:\"Check for the openSUSE-2012-220 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"Specially crafted font files could cause buffer overflows in freetype\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-04/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected freetype2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:freetype2-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfreetype6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4|SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4 / 12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"freetype2-debugsource-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"freetype2-devel-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libfreetype6-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libfreetype6-debuginfo-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.4-7.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-debugsource-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"freetype2-devel-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libfreetype6-debuginfo-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"freetype2-devel-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-32bit-2.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libfreetype6-debuginfo-32bit-2.4.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"freetype2-debugsource / freetype2-devel / freetype2-devel-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:25", "bulletinFamily": "scanner", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type42 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PCF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Windows FNT/FON font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1403-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58444", "published": "2012-03-23T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1403-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58444);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/12/01 13:19:07\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"USN\", value:\"1403-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type42 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PCF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Type1 font files. If a user were tricked into using\na specially crafted font file, a remote attacker could cause FreeType\nto crash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash or possibly execute arbitrary code with user privileges.\n(CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed PostScript font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed BDF font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed Windows FNT/FON font files. If a user were tricked\ninto using a specially crafted font file, a remote attacker could\ncause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed font files. If a user were tricked into using a\nspecially crafted font file, a remote attacker could cause FreeType to\ncrash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle\ncertain malformed TrueType font files. If a user were tricked into\nusing a specially crafted font file, a remote attacker could cause\nFreeType to crash or possibly execute arbitrary code with user\nprivileges. (CVE-2012-1144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1403-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libfreetype6 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.5-1ubuntu4.8.04.9\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libfreetype6\", pkgver:\"2.3.11-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.2-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libfreetype6\", pkgver:\"2.4.4-2ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libfreetype6\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:32", "bulletinFamily": "scanner", "description": "Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code (CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.", "modified": "2018-07-19T00:00:00", "id": "MANDRIVA_MDVSA-2012-057.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58734", "published": "2012-04-13T00:00:00", "title": "Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:057. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58734);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2012-1126\", \"CVE-2012-1127\", \"CVE-2012-1128\", \"CVE-2012-1129\", \"CVE-2012-1130\", \"CVE-2012-1131\", \"CVE-2012-1132\", \"CVE-2012-1133\", \"CVE-2012-1134\", \"CVE-2012-1135\", \"CVE-2012-1136\", \"CVE-2012-1137\", \"CVE-2012-1138\", \"CVE-2012-1139\", \"CVE-2012-1140\", \"CVE-2012-1141\", \"CVE-2012-1142\", \"CVE-2012-1143\", \"CVE-2012-1144\");\n script_bugtraq_id(52318);\n script_xref(name:\"MDVSA\", value:\"2012:057\");\n\n script_name(english:\"Mandriva Linux Security Advisory : freetype2 (MDVSA-2012:057)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple flaws were found in FreeType. Specially crafted files could\ncause application crashes or potentially execute arbitrary code\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129,\nCVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133,\nCVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137,\nCVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141,\nCVE-2012-1142, CVE-2012-1143, CVE-2012-1144).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:freetype2-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64freetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libfreetype6-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", reference:\"freetype2-demos-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.3.12-1.9mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", reference:\"freetype2-demos-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64freetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libfreetype6-static-devel-2.4.5-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:36", "bulletinFamily": "scanner", "description": "The installed version of Firefox is earlier than 12.0 and thus, is potentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer' which can lead to out-bounds-reads and possible code execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead to arbitrary code execution. (CVE-2012-0467, CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange' of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to 'gfxImageSurface' which can lead to possible code execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow cross-site scripting attacks as certain octets in multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket' connections on non-standard ports can allow this application to send ambiguous origin headers. (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and 'ISO-2022-CN' character sets which can lead to cross- site scripting attacks. (CVE-2012-0477) \n - An error exists related to 'WebGL' and 'texImage2D' that can allow application crashes and possibly code execution when 'JSVAL_TO_OBJECT' is used on ordinary objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or 'RSS' data is loaded over HTTPS leading to phishing attacks. (CVE-2012-0479)", "modified": "2018-07-16T00:00:00", "id": "MACOSX_FIREFOX_12_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58894", "published": "2012-04-27T00:00:00", "title": "Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58894);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Firefox\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Firefox is earlier than 12.0 and thus, is\npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which can lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. (CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Firefox 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'12.0', skippat:'^10\\\\.0\\\\.', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:16:36", "bulletinFamily": "scanner", "description": "The installed version of Thunderbird is earlier than 12.0 and thus, is potentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer' which can lead to out-bounds-reads and possible code execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead to arbitrary code execution. (CVE-2012-0467, CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange' of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to 'gfxImageSurface' which can lead to possible code execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow cross-site scripting attacks as certain octets in multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket' connections on non-standard ports can allow this application to send ambiguous origin headers. (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and 'ISO-2022-CN' character sets which could lead to cross- site scripting attacks. (CVE-2012-0477) \n - An error exists related to 'WebGL' and 'texImage2D' that can allow application crashes and possibly code execution when 'JSVAL_TO_OBJECT' is used on ordinary objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or 'RSS' data is loaded over HTTPS leading to phishing attacks. (CVE-2012-0479)", "modified": "2018-07-16T00:00:00", "id": "MACOSX_THUNDERBIRD_12_0.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58896", "published": "2012-04-27T00:00:00", "title": "Thunderbird < 12.0 Multiple Vulnerabilities (Mac OS X)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58896);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2011-1187\",\n \"CVE-2011-3062\",\n \"CVE-2012-0467\",\n \"CVE-2012-0468\",\n \"CVE-2012-0469\",\n \"CVE-2012-0470\",\n \"CVE-2012-0471\",\n \"CVE-2012-0473\",\n \"CVE-2012-0474\",\n \"CVE-2012-0475\",\n \"CVE-2012-0477\",\n \"CVE-2012-0478\",\n \"CVE-2012-0479\"\n );\n script_bugtraq_id(\n 53219,\n 53220,\n 53221,\n 53222,\n 53223,\n 53224,\n 53225,\n 53227,\n 53228,\n 53229,\n 53230,\n 53231\n );\n\n script_name(english:\"Thunderbird < 12.0 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks version of Thunderbird\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Mac OS X host contains a mail client that is potentially\naffected by several vulnerabilities.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The installed version of Thunderbird is earlier than 12.0 and thus, is \npotentially affected by the following security issues :\n\n - An error exists with handling JavaScript errors that\n can lead to information disclosure. (CVE-2011-1187)\n\n - An off-by-one error exists in the 'OpenType Sanitizer'\n which can lead to out-bounds-reads and possible code\n execution. (CVE-2011-3062)\n\n - Memory safety issues exist that could lead\n to arbitrary code execution. (CVE-2012-0467,\n CVE-2012-0468)\n\n - A use-after-free error exists related to 'IDBKeyRange'\n of 'indexedDB'. (CVE-2012-0469)\n\n - Heap-corruption errors exist related to\n 'gfxImageSurface' which can lead to possible code\n execution. (CVE-2012-0470)\n\n - A multi-octet encoding issue exists which could allow\n cross-site scripting attacks as certain octets in\n multibyte character sets can destroy following octets.\n (CVE-2012-0471)\n\n - An error exists in 'WebGLBuffer' that can lead to the\n reading of illegal video memory. (CVE-2012-0473)\n\n - An unspecified error can allow URL bar spoofing.\n (CVE-2012-0474)\n\n - IPv6 addresses and cross-site 'XHR' or 'WebSocket'\n connections on non-standard ports can allow this\n application to send ambiguous origin headers. \n (CVE-2012-0475)\n\n - A decoding issue exists related to 'ISO-2022-KR' and\n 'ISO-2022-CN' character sets which could lead to cross-\n site scripting attacks. (CVE-2012-0477)\n \n - An error exists related to 'WebGL' and 'texImage2D'\n that can allow application crashes and possibly code\n execution when 'JSVAL_TO_OBJECT' is used on ordinary\n objects. (CVE-2012-0478)\n\n - Address bar spoofing is possible when 'Atom XML' or\n 'RSS' data is loaded over HTTPS leading to phishing\n attacks. (CVE-2012-0479)\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-20/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-22/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-23/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-24/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-26/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-27/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-28/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-29/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-30/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-31/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-32/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2012-33/\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Thunderbird 12.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_thunderbird_installed.nasl\");\n script_require_keys(\"MacOSX/Thunderbird/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\nkb_base = \"MacOSX/Thunderbird\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nmozilla_check_version(product:'thunderbird', version:version, path:path, esr:FALSE, fix:'12.0', skippat:'^10\\\\.0\\\\.', severity:SECURITY_HOLE, xss:TRUE);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "description": "Multiple memory corruptions in main code and different libraries, crossite scripting, information leakage.", "modified": "2012-05-09T00:00:00", "published": "2012-05-09T00:00:00", "id": "SECURITYVULNS:VULN:12355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12355", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:50:17", "bulletinFamily": "unix", "description": "Specially crafted font files could cause buffer overflows\n in freetype\n\n", "modified": "2012-04-12T10:09:06", "published": "2012-04-12T10:09:06", "id": "OPENSUSE-SU-2012:0489-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html", "type": "suse", "title": "freetype2 update (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "modified": "2012-04-11T21:08:19", "published": "2012-04-11T21:08:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html", "id": "SUSE-SU-2012:0484-1", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:42", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "modified": "2012-04-11T20:08:18", "published": "2012-04-11T20:08:18", "id": "SUSE-SU-2012:0483-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:07", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype, which could be exploited for remote\n code execution.\n", "modified": "2012-04-23T15:08:12", "published": "2012-04-23T15:08:12", "id": "SUSE-SU-2012:0483-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00018.html", "title": "Security update for freetype2 (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:37:04", "bulletinFamily": "unix", "description": "Specially crafted font files could have caused buffer\n overflows in freetype. This has been fixed.\n", "modified": "2012-04-18T18:08:39", "published": "2012-04-18T18:08:39", "id": "SUSE-SU-2012:0521-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html", "type": "suse", "title": "Security update for freetype2 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "description": "### Background\n\nFreeType is a high-quality and portable font engine.\n\n### Description\n\nMultiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeType users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freetype-2.4.9\"", "modified": "2012-04-17T00:00:00", "published": "2012-04-17T00:00:00", "id": "GLSA-201204-04", "href": "https://security.gentoo.org/glsa/201204-04", "type": "gentoo", "title": "FreeType: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:21:02", "bulletinFamily": "unix", "description": "Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1128)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type42 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1129)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PCF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1131)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1132)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1133)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Type1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1134)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1135)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1136)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1137)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1138)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed PostScript font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1140)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed Windows FNT/FON font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1142)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)\n\nMateusz Jurczyk discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2012-1144)", "modified": "2012-03-23T00:00:00", "published": "2012-03-23T00:00:00", "id": "USN-1403-1", "href": "https://usn.ubuntu.com/1403-1/", "title": "FreeType vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:34", "bulletinFamily": "unix", "description": "Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in gfxImageSurface. If a user were tricked into opening a malicious Scalable Vector Graphics (SVG) image file, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) vulnerability via multibyte content processing errors. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox\u2019s WebGL implementation that potentially allows the reading of illegal video memory. An attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox allowed the address bar to display a different website than the one the user was visiting. This could potentially leave the user vulnerable to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin headers when connecting to an IPv6 websites. An attacker could potentially use this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause Firefox to crash. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript errors can potentially leak the file names and location of JavaScript files on a server. This could potentially lead to inadvertent information disclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused the location bar to be updated with the address of this content, while the main window still displays the previously loaded content. An attacker could potentially exploit this vulnerability to conduct phishing attacks. (CVE-2012-0479)", "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-1", "href": "https://usn.ubuntu.com/1430-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:22:36", "bulletinFamily": "unix", "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in gfxImageSurface. If a user were tricked into opening a malicious Scalable Vector Graphics (SVG) image file, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) vulnerability via multibyte content processing errors. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox\u2019s WebGL implementation that potentially allows the reading of illegal video memory. An attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox allowed the address bar to display a different website than the one the user was visiting. This could potentially leave the user vulnerable to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin headers when connecting to an IPv6 websites. An attacker could potentially use this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause Firefox to crash. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript errors can potentially leak the file names and location of JavaScript files on a server. This could potentially lead to inadvertent information disclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused the location bar to be updated with the address of this content, while the main window still displays the previously loaded content. An attacker could potentially exploit this vulnerability to conduct phishing attacks. (CVE-2012-0479)", "modified": "2012-04-27T00:00:00", "published": "2012-04-27T00:00:00", "id": "USN-1430-2", "href": "https://usn.ubuntu.com/1430-2/", "title": "ubufox update", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T17:21:32", "bulletinFamily": "unix", "description": "USN-1430-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird.\n\nOriginal advisory details:\n\nBob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward, and Olli Pettay discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0467, CVE-2012-0468)\n\nAki Helin discovered a use-after-free vulnerability in XPConnect. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2012-0469)\n\nAtte Kettunen discovered that invalid frees cause heap corruption in gfxImageSurface. If a user were tricked into opening a malicious Scalable Vector Graphics (SVG) image file, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0470)\n\nAnne van Kesteren discovered a potential cross-site scripting (XSS) vulnerability via multibyte content processing errors. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0471)\n\nMatias Juntunen discovered a vulnerability in Firefox\u2019s WebGL implementation that potentially allows the reading of illegal video memory. An attacker could possibly exploit this to cause a denial of service via application crash. (CVE-2012-0473)\n\nJordi Chancel, Eddy Bordi, and Chris McGowen discovered that Firefox allowed the address bar to display a different website than the one the user was visiting. This could potentially leave the user vulnerable to cross-site scripting (XSS) attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0474)\n\nSimone Fabiano discovered that Firefox did not always send correct origin headers when connecting to an IPv6 websites. An attacker could potentially use this to bypass intended access controls. (CVE-2012-0475)\n\nMasato Kinugawa discovered that cross-site scripting (XSS) injection is possible during the decoding of ISO-2022-KR and ISO-2022-CN character sets. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0477)\n\nIt was discovered that certain images rendered using WebGL could cause Firefox to crash. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-0478)\n\nMateusz Jurczyk discovered an off-by-one error in the OpenType Sanitizer. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2011-3062)\n\nDaniel Divricean discovered a defect in the error handling of JavaScript errors can potentially leak the file names and location of JavaScript files on a server. This could potentially lead to inadvertent information disclosure and a vector for further attacks. (CVE-2011-1187)\n\nJeroen van der Gun discovered a vulnerability in the way Firefox handled RSS and Atom feeds. Invalid RSS or ATOM content loaded over HTTPS caused the location bar to be updated with the address of this content, while the main window still displays the previously loaded content. An attacker could potentially exploit this vulnerability to conduct phishing attacks. (CVE-2012-0479)", "modified": "2012-05-04T00:00:00", "published": "2012-05-04T00:00:00", "id": "USN-1430-3", "href": "https://usn.ubuntu.com/1430-3/", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:45", "bulletinFamily": "software", "description": "Mateusz Jurczyk of the Google Security Team used the Address\nSanitizer tool to discover a series of memory safety bugs in the FreeType\nlibrary, some of which could cause memory corruption and exploitable crashes\nwith certain fonts and font parsing. Firefox Mobile has been upgraded to\nFreeType version 2.4.9 which addresses these issues. Desktop Firefox does not\nuse Freetype for fonts and was not affected.\n\nOn Linux systems, Firefox will use the installed system library for FreeType. Linux users should make sure they are current on system security updates.", "modified": "2012-04-24T00:00:00", "published": "2012-04-24T00:00:00", "id": "MFSA2012-21", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-21/", "type": "mozilla", "title": "Multiple security flaws fixed in FreeType v2.4.9", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:34", "bulletinFamily": "unix", "description": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. (CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. It could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n", "modified": "2018-06-06T20:24:24", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0516", "href": "https://access.redhat.com/errata/RHSA-2012:0516", "type": "redhat", "title": "(RHSA-2012:0516) Critical: thunderbird security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:36", "bulletinFamily": "unix", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n", "modified": "2018-06-06T20:24:26", "published": "2012-04-24T04:00:00", "id": "RHSA-2012:0515", "href": "https://access.redhat.com/errata/RHSA-2012:0515", "type": "redhat", "title": "(RHSA-2012:0515) Critical: firefox security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "description": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font (TTF),\nGlyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and\nPostScript Type 1 fonts. If a specially-crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,\nCVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially-crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,\nCVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security Team for\nreporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n", "modified": "2018-06-06T20:24:28", "published": "2012-04-10T04:00:00", "id": "RHSA-2012:0467", "href": "https://access.redhat.com/errata/RHSA-2012:0467", "type": "redhat", "title": "(RHSA-2012:0467) Important: freetype security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "unix", "description": "[10.0.4-1.0.1.el6_2]\n- Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js\n- Replace clean.gif in tarball\n[10.0.4-1]\n- Update to 10.0.4 ESR", "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": "ELSA-2012-0516", "href": "http://linux.oracle.com/errata/ELSA-2012-0516.html", "title": "thunderbird security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "description": "firefox:\n[10.0.4-1.0.1.el6_2]\n- Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\nxulrunner:\n[10.0.4-1.0.1.el6_2]\n- Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js\n[10.0.4-1]\n- Update to 10.0.4 ESR\n[10.0.3-3]\n- Fixed mozbz#746112 - ppc(64) freeze\n[10.0.3-2]\n- Fixed mozbz#681937", "modified": "2012-04-25T00:00:00", "published": "2012-04-25T00:00:00", "id": "ELSA-2012-0515", "href": "http://linux.oracle.com/errata/ELSA-2012-0515.html", "title": "firefox security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "unix", "description": "[2.3.11-6.el6_2.9]\n- Fix CVE-2012-{1126, 1127, 1130, 1131, 1132, 1134, 1136,\n 1137, 1139, 1140, 1141, 1142, 1143, 1144}\n- Properly initialize array 'result' in\n FT_Outline_Get_Orientation()\n- Check bytes per row for overflow in _bdf_parse_glyphs()\n- Resolves: #806268", "modified": "2012-04-10T00:00:00", "published": "2012-04-10T00:00:00", "id": "ELSA-2012-0467", "href": "http://linux.oracle.com/errata/ELSA-2012-0467.html", "title": "freetype security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:34:22", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0516\n\n\nMozilla Thunderbird is a standalone mail and newsgroup client.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to\nhelp prevent potential exploits in malformed OpenType fonts. Malicious\ncontent could cause Thunderbird to crash or, under certain conditions,\npossibly execute arbitrary code with the privileges of the user running\nThunderbird. (CVE-2011-3062)\n\nMalicious content could cause Thunderbird to crash or, potentially, execute\narbitrary code with the privileges of the user running Thunderbird.\n(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nContent containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Thunderbird to crash or, potentially, execute arbitrary code\nwith the privileges of the user running Thunderbird. (CVE-2012-0470)\n\nA flaw was found in the way Thunderbird used its embedded Cairo library to\nrender certain fonts. Malicious content could cause Thunderbird to crash\nor, under certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Thunderbird. (CVE-2012-0472)\n\nA flaw was found in the way Thunderbird rendered certain images using\nWebGL. Malicious content could cause Thunderbird to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Thunderbird. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Thunderbird handled\ncertain multibyte character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0471)\n\nA flaw was found in the way Thunderbird rendered certain graphics using\nWebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)\n\nA flaw in the built-in feed reader in Thunderbird allowed the Website field\nto display the address of different content than the content the user was\nvisiting. An attacker could use this flaw to conceal a malicious URL,\npossibly tricking a user into believing they are viewing a trusted site, or\nallowing scripts to be loaded from the attacker's site, possibly leading to\ncross-site scripting (XSS) attacks. (CVE-2012-0474)\n\nA flaw was found in the way Thunderbird decoded the ISO-2022-KR and\nISO-2022-CN character sets. Malicious content could cause Thunderbird\nto run JavaScript code with the permissions of different content.\n(CVE-2012-0477)\n\nA flaw was found in the way the built-in feed reader in Thunderbird handled\nRSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused\nThunderbird to display the address of said content, but not the content.\nThe previous content continued to be displayed. An attacker could use this\nflaw to perform phishing attacks, or trick users into thinking they are\nvisiting the site reported by the Website field, when the page is actually\ncontent controlled by an attacker. (CVE-2012-0479)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\nNote: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062\ncannot be exploited by a specially-crafted HTML mail message as JavaScript\nis disabled by default for mail messages. It could be exploited another way\nin Thunderbird, for example, when viewing the full remote content of an\nRSS feed.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018594.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018595.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018600.html\n\n**Affected packages:**\nthunderbird\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0516.html", "modified": "2012-04-24T23:54:23", "published": "2012-04-24T21:30:17", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018594.html", "id": "CESA-2012:0516", "title": "thunderbird security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0515\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nA flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help\nprevent potential exploits in malformed OpenType fonts. A web page\ncontaining malicious content could cause Firefox to crash or, under certain\nconditions, possibly execute arbitrary code with the privileges of the user\nrunning Firefox. (CVE-2011-3062)\n\nA web page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)\n\nA web page containing a malicious Scalable Vector Graphics (SVG) image file\ncould cause Firefox to crash or, potentially, execute arbitrary code with\nthe privileges of the user running Firefox. (CVE-2012-0470)\n\nA flaw was found in the way Firefox used its embedded Cairo library to\nrender certain fonts. A web page containing malicious content could cause\nFirefox to crash or, under certain conditions, possibly execute arbitrary\ncode with the privileges of the user running Firefox. (CVE-2012-0472)\n\nA flaw was found in the way Firefox rendered certain images using WebGL. A\nweb page containing malicious content could cause Firefox to crash or,\nunder certain conditions, possibly execute arbitrary code with the\nprivileges of the user running Firefox. (CVE-2012-0478)\n\nA cross-site scripting (XSS) flaw was found in the way Firefox handled\ncertain multibyte character sets. A web page containing malicious content\ncould cause Firefox to run JavaScript code with the permissions of a\ndifferent website. (CVE-2012-0471)\n\nA flaw was found in the way Firefox rendered certain graphics using WebGL.\nA web page containing malicious content could cause Firefox to crash.\n(CVE-2012-0473)\n\nA flaw in Firefox allowed the address bar to display a different website\nthan the one the user was visiting. An attacker could use this flaw to\nconceal a malicious URL, possibly tricking a user into believing they are\nviewing a trusted site, or allowing scripts to be loaded from the\nattacker's site, possibly leading to cross-site scripting (XSS) attacks.\n(CVE-2012-0474)\n\nA flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN\ncharacter sets. A web page containing malicious content could cause Firefox\nto run JavaScript code with the permissions of a different website.\n(CVE-2012-0477)\n\nA flaw was found in the way Firefox handled RSS and Atom feeds. Invalid\nRSS or Atom content loaded over HTTPS caused Firefox to display the\naddress of said content in the location bar, but not the content in the\nmain window. The previous content continued to be displayed. An attacker\ncould use this flaw to perform phishing attacks, or trick users into\nthinking they are visiting the site reported by the location bar, when the\npage is actually content controlled by an attacker. (CVE-2012-0479)\n\nFor technical details regarding these flaws, refer to the Mozilla security\nadvisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla\nadvisories in the References section of this erratum.\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges Mateusz Jurczyk of the Google Security Team as the\noriginal reporter of CVE-2011-3062; Aki Helin from OUSPG as the original\nreporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original\nreporter of CVE-2012-0470; wushi of team509 via iDefense as the original\nreporter of CVE-2012-0472; Ms2ger as the original reporter of\nCVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter\nof CVE-2012-0471; Matias Juntunen as the original reporter of\nCVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the\noriginal reporters of CVE-2012-0474; Masato Kinugawa as the original\nreporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter\nof CVE-2012-0479.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018593.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018597.html\n\n**Affected packages:**\nfirefox\nxulrunner\nxulrunner-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2012-0515.html", "modified": "2012-04-24T23:51:02", "published": "2012-04-24T21:27:20", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018593.html", "id": "CESA-2012:0515", "title": "firefox, xulrunner security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2012:0467\n\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently.\n\nMultiple flaws were found in the way FreeType handled TrueType Font (TTF),\nGlyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and\nPostScript Type 1 fonts. If a specially-crafted font file was loaded by an\napplication linked against FreeType, it could cause the application to\ncrash or, potentially, execute arbitrary code with the privileges of the\nuser running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,\nCVE-2012-1144)\n\nMultiple flaws were found in the way FreeType handled fonts in various\nformats. If a specially-crafted font file was loaded by an application\nlinked against FreeType, it could cause the application to crash.\n(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,\nCVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)\n\nRed Hat would like to thank Mateusz Jurczyk of the Google Security Team for\nreporting these issues.\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct these issues. The X server must be restarted\n(log out, then log back in) for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018559.html\nhttp://lists.centos.org/pipermail/centos-announce/2012-April/018563.html\n\n**Affected packages:**\nfreetype\nfreetype-demos\nfreetype-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0467.html", "modified": "2012-04-10T19:57:59", "published": "2012-04-10T17:09:43", "href": "http://lists.centos.org/pipermail/centos-announce/2012-April/018559.html", "id": "CESA-2012:0467", "title": "freetype security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
