Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24204

HistoryApr 10, 2020 - 12:48 a.m.

Arbitrary Code Execution

2020-04-1000:48:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

freetype is vulnerable to arbitrary code execution. The vulnerability exists through an array index error was found in the way the FreeType font rendering engine processed certain PostScript Type 42 font files. If a user loaded a specially-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CPENameOperatorVersion
freetypeeq2.2.1__16.el5
freetypeeq2.1.9__1.rhel4.4
freetypeeq2.2.1__26.el5_5
freetypeeq2.1.9__6.el4
freetypeeq2.2.1__17.el5
freetypeeq2.2.1__21.el5_3
freetypeeq2.1.4__16.el3
freetypeeq2.1.4__5.el3
freetypeeq2.1.4__4.0.rhel3.2
freetypeeq2.1.9__4.el4

Rows per page:

1-10 of 521

References

freetype.sourceforge.net/index2.html#release-freetype-2.4.2

git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c06da1ad34663da7b6fc39b030dc3ae185b96557

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

marc.info/?l=oss-security&m=128111955616772&w=2

secunia.com/advisories/40816

secunia.com/advisories/40982

secunia.com/advisories/42314

secunia.com/advisories/42317

sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

support.apple.com/kb/HT4435

support.apple.com/kb/HT4456

support.apple.com/kb/HT4457

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0864.html

www.securityfocus.com/bid/42285

www.ubuntu.com/usn/USN-972-1

www.vupen.com/english/advisories/2010/2018

www.vupen.com/english/advisories/2010/2106

www.vupen.com/english/advisories/2010/3045

www.vupen.com/english/advisories/2010/3046

access.redhat.com/errata/RHSA-2010:0736

access.redhat.com/errata/RHSA-2010:0737

access.redhat.com/errata/RHSA-2010:0864

access.redhat.com/security/cve/CVE-2010-2806

bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

bugzilla.redhat.com/show_bug.cgi?id=621980

rhn.redhat.com/errata/RHSA-2010-0736.html

rhn.redhat.com/errata/RHSA-2010-0737.html

savannah.nongnu.org/bugs/?30656

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:24204

debiancve1 cve1 prion1 ubuntucve1 redhat3 centos2 oraclelinux3 nessus27 openvas33 securityvulns3 ubuntu1 debian2 osv1 fedora4 gentoo1