CVSS2: 9.3 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |

freetype is vulnerable to arbitrary code execution. The vulnerability stems from a flaw in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

CPE

Name | Operator | Version |
---|---|---|
freetype | eq | 2.3.11__5.el6 |