9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.058 Low
EPSS
Percentile
93.3%
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as
used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and
other products, allows remote attackers to execute arbitrary code or cause
a denial of service (memory corruption and application crash) via a crafted
Type 1 font in a PDF document, as exploited in the wild in July 2011.
Author | Note |
---|---|
mdeslaur | don’t see issue with valgrind on 2.3.x, marking hardy and lucid as not-affected |
esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
launchpad.net/bugs/cve/CVE-2011-0226
nvd.nist.gov/vuln/detail/CVE-2011-0226
security-tracker.debian.org/tracker/CVE-2011-0226
ubuntu.com/security/notices/USN-1173-1
www.cve.org/CVERecord?id=CVE-2011-0226