Lucene search
UbuntuUSN-466-1HistoryMay 30, 2007 - 12:00 a.m.
freetype vulnerability
2007-05-3000:00:00
ubuntu.com
32
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.621 Medium
EPSS
Percentile
97.8%
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Details
Victor Stinner discovered that freetype did not correctly verify the
number of points in a TrueType font. If a user were tricked into using
a specially crafted font, a remote attacker could execute arbitrary code
with user privileges.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | libfreetype6 | < 2.2.1-5ubuntu1.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libfreetype6 | < 2.2.1-5ubuntu0.2 | UNKNOWN |
| Ubuntu | 6.06 | noarch | libfreetype6 | < 2.1.10-1ubuntu2.4 | UNKNOWN |
References
Related
debian
debian
[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow
2007-06-10 13:48:40
[SECURITY] [DSA 1334-1] New freetype packages fix arbitary code execution
2007-07-18 20:18:17
nessus
nessus
SuSE9 Security Update : freetype2 (YOU Patch Number 11554)
2009-09-24 00:00:00
Fedora 7 : freetype-2.3.4-3.fc7 (2007-0033)
2007-11-06 00:00:00
Mandrake Linux Security Advisory : freetype2 (MDKSA-2007:121)
2007-06-14 00:00:00
securityvulns
securityvulns
rPSA-2007-0108-1 freetype
2007-05-25 00:00:00
freetype integer overflow
2007-05-25 00:00:00
OpenOffice buffer overflow
2007-06-14 00:00:00
openvas
openvas
Ubuntu Update for freetype vulnerability USN-466-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200705-22 (freetype)
2008-09-24 00:00:00
Fedora Update for freetype FEDORA-2007-0033
2009-02-27 00:00:00
ubuntucve
ubuntucve
CVE-2007-2754
2007-05-17 00:00:00
CVE-2007-3408
2007-06-26 00:00:00
redhat
redhat
(RHSA-2007:0403) Moderate: freetype security update
2007-06-11 00:00:00
(RHSA-2009:1062) Important: freetype security update
2009-05-22 00:00:00
(RHSA-2009:0329) Important: freetype security update
2009-05-22 00:00:00
centos
centos
freetype security update
2007-06-11 09:27:08
freetype security update
2007-06-12 00:56:26
freetype security update
2009-05-22 14:02:05
cve
cve
CVE-2007-2754
2007-05-17 22:30:00
CVE-2007-3408
2007-06-26 18:30:00
prion
prion
Integer overflow
2007-05-17 22:30:00
Design/Logic Flaw
2007-06-26 18:30:00
suse
suse
remote code execution in freetype2
2007-07-04 13:46:33
fedora
fedora
[SECURITY] Fedora 7 Update: freetype-2.3.4-3.fc7
2007-06-06 02:56:13
[SECURITY] Fedora 11 Update: freetype1-1.4-0.8.pre.fc11
2009-05-28 08:17:11
[SECURITY] Fedora 10 Update: freetype1-1.4-0.8.pre.fc10
2009-05-28 08:01:17
freebsd
freebsd
FreeType 2 -- Heap overflow vulnerability
2007-04-27 00:00:00
oraclelinux
oraclelinux
Moderate: freetype security update
2007-06-11 00:00:00
freetype security update
2009-05-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:19:09
gentoo
gentoo
FreeType: Buffer overflow
2007-05-30 00:00:00
FreeType 1: User-assisted execution of arbitrary code
2010-06-01 00:00:00
OpenOffice.org: Two buffer overflows
2007-07-02 00:00:00
debiancve
debiancve
CVE-2007-2754
2007-05-17 22:30:00
CVE-2007-3408
2007-06-26 18:30:00
7.4 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.621 Medium
EPSS
Percentile
97.8%
Related for USN-466-1