|Title||freetype security update|
|Name||DSA-2350||First vendor Publication||2011-11-20|
|Vendor||Debian||Last vendor Modification||2011-11-20|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
|Cvss Base Score||9.3||Attack Range||Network|
|Cvss Impact Score||10||Attack Complexity||Medium|
|Cvss Exploit Score||8.6||Authentication||None Required|
It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny8.
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze3.
For the unstable distribution (sid), this problem has been fixed in version 2.4.8-1.
We recommend that you upgrade your freetype packages.
|Url : http://www.debian.org/security/2011/dsa-2350|