Lucene search

K
ubuntuUbuntuUSN-466-1
HistoryMay 30, 2007 - 12:00 a.m.

freetype vulnerability

2007-05-3000:00:00
ubuntu.com
37

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.622

Percentile

97.8%

Releases

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06

Details

Victor Stinner discovered that freetype did not correctly verify the
number of points in a TrueType font. If a user were tricked into using
a specially crafted font, a remote attacker could execute arbitrary code
with user privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchlibfreetype6< 2.2.1-5ubuntu1.1UNKNOWN
Ubuntu6.10noarchlibfreetype6< 2.2.1-5ubuntu0.2UNKNOWN
Ubuntu6.06noarchlibfreetype6< 2.1.10-1ubuntu2.4UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.622

Percentile

97.8%