CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
FreeType is vulnerable to remote code execution (RCE). Multiple input validation flaws were found in the way FreeType processes CID-keyed fonts. If an application linked against FreeType loads a specially crafted font file, the application could crash or, potentially, execute arbitrary code with the privileges of the user running the application.
lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html
lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html
secunia.com/advisories/46921
secunia.com/advisories/48951
support.apple.com/kb/HT5052
access.redhat.com/errata/RHSA-2011:1455
access.redhat.com/security/updates/classification/#important