Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1403-1
HistoryMar 23, 2012 - 12:00 a.m.

FreeType vulnerabilities

2012-03-2300:00:00
ubuntu.com
36

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.246 Low

EPSS

Percentile

96.6%

JSON

Releases

  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.10
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • freetype - FreeType 2 is a font engine library

Details

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1126)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1127)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1128)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed Type42 font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1129)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed PCF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1130)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1131)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed Type1 font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1132)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly execute
arbitrary code with user privileges. (CVE-2012-1133)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed Type1 font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges. (CVE-2012-1134)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1135)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly execute
arbitrary code with user privileges. (CVE-2012-1136)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1137)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1138)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1139)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed PostScript font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1140)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed BDF font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1141)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed Windows FNT/FON font files. If a user were tricked into using a
specially crafted font file, a remote attacker could cause FreeType to crash.
(CVE-2012-1142)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash. (CVE-2012-1143)

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed TrueType font files. If a user were tricked into using a specially
crafted font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges. (CVE-2012-1144)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchlibfreetype6< 2.3.5-1ubuntu4.8.04.9UNKNOWN
Ubuntu8.04noarchfreetype2-demos< 2.3.5-1ubuntu4.8.04.9UNKNOWN
Ubuntu8.04noarchlibfreetype6-dev< 2.3.5-1ubuntu4.8.04.9UNKNOWN
Ubuntu8.04noarchlibfreetype6-udeb< 2.3.5-1ubuntu4.8.04.9UNKNOWN
Ubuntu11.10noarchlibfreetype6< 2.4.4-2ubuntu1.2UNKNOWN
Ubuntu11.10noarchfreetype2-demos< 2.4.4-2ubuntu1.2UNKNOWN
Ubuntu11.10noarchlibfreetype6-dev< 2.4.4-2ubuntu1.2UNKNOWN
Ubuntu11.10noarchlibfreetype6-udeb< 2.4.4-2ubuntu1.2UNKNOWN
Ubuntu11.04noarchlibfreetype6< 2.4.4-1ubuntu2.3UNKNOWN
Ubuntu11.04noarchfreetype2-demos< 2.4.4-1ubuntu2.3UNKNOWN
Rows per page:
1-10 of 201

Related

openvas 29
suse 6
nessus 17
gentoo 1
freebsd 2
mozilla 1
oraclelinux 1
centos 1
redhat 1
debian 1
securityvulns 5
amazon 1
slackware 1
prion 19
debiancve 19
ubuntucve 19
cve 19
veracode 14
openvas
openvas
Ubuntu Update for freetype USN-1403-1
2012-03-26 00:00:00
Mandriva Update for freetype2 MDVSA-2012:057 (freetype2)
2012-08-03 00:00:00
Ubuntu: Security Advisory (USN-1403-1)
2012-03-26 00:00:00
suse
suse
Security update for freetype2 (important)
2012-04-11 21:08:19
freetype2 update (important)
2012-04-12 10:09:06
Security update for freetype2 (important)
2012-04-11 20:08:18
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : freetype vulnerabilities (USN-1403-1)
2012-03-23 00:00:00
FreeBSD : freetype -- multiple vulnerabilities (462e2d6c-8017-11e1-a571-bcaec565249c)
2012-04-09 00:00:00
SuSE 11.1 Security Update : freetype2 (SAT Patch Number 6052)
2012-04-12 00:00:00
gentoo
gentoo
FreeType: Multiple vulnerabilities
2012-04-17 00:00:00
freebsd
freebsd
freetype -- multiple vulnerabilities
2012-03-08 00:00:00
mozilla -- multiple vulnerabilities
2012-04-24 00:00:00
mozilla
mozilla
Multiple security flaws fixed in FreeType v2.4.9 — Mozilla
2012-04-24 00:00:00
oraclelinux
oraclelinux
freetype security update
2012-04-10 00:00:00
centos
centos
freetype security update
2012-04-10 21:09:43
redhat
redhat
(RHSA-2012:0467) Important: freetype security update
2012-04-10 00:00:00
debian
debian
[SECURITY] [DSA 2428-1] freetype security update
2012-03-08 20:48:00
securityvulns
securityvulns
FreeType multiple security vulnerabilitiles
2012-03-09 00:00:00
[SECURITY] [DSA 2428-1] freetype security update
2012-03-09 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-05-09 00:00:00
amazon
amazon
Important: freetype
2012-04-30 14:46:00
slackware
slackware
[slackware-security] freetype
2012-06-25 15:27:37
prion
prion
Memory corruption
2012-04-25 10:10:00
Memory corruption
2012-04-25 10:10:00
Heap overflow
2012-04-25 10:10:00
debiancve
debiancve
CVE-2012-1135
2012-04-25 10:10:00
CVE-2012-1134
2012-04-25 10:10:00
CVE-2012-1140
2012-04-25 10:10:00
ubuntucve
ubuntucve
CVE-2012-1132
2012-03-07 00:00:00
CVE-2012-1136
2012-03-07 00:00:00
CVE-2012-1137
2012-03-07 00:00:00
cve
cve
CVE-2012-1144
2012-04-25 10:10:00
CVE-2012-1132
2012-04-25 10:10:00
CVE-2012-1134
2012-04-25 10:10:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:09:33
Arbitrary Code Execution
2020-04-10 01:09:33
Arbitrary Code Execution
2020-04-10 01:09:35

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.246 Low

EPSS

Percentile

96.6%

JSON
Related for USN-1403-1
openvas29suse6nessus17gentoo1freebsd2mozilla1oraclelinux1centos1redhat1debian1securityvulns5amazon1slackware1prion19debiancve19ubuntucve19cve19veracode14