DSA-2350

Executive Summary

Summary
Title	freetype security update

Informations
Name	DSA-2350	First vendor Publication	2011-11-20
Vendor	Debian	Last vendor Modification	2011-11-20
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny8.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze3.

For the unstable distribution (sid), this problem has been fixed in version 2.4.8-1.

We recommend that you upgrade your freetype packages.

Original Source

Url : http://www.debian.org/security/2011/dsa-2350

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Os	Apple Iphone Os cpe:/o:apple:iphone_os:5.0:-:ipad cpe:/o:apple:iphone_os:5.0:-:iphone cpe:/o:apple:iphone_os:5.0 cpe:/o:apple:iphone_os:5.0:-:ipodtouch cpe:/o:apple:iphone_os:4.3.5:-:ipodtouch cpe:/o:apple:iphone_os:4.3.5:-:ipad cpe:/o:apple:iphone_os:4.3.5 cpe:/o:apple:iphone_os:4.3.4 cpe:/o:apple:iphone_os:4.3.3 cpe:/o:apple:iphone_os:4.3.2 cpe:/o:apple:iphone_os:4.3.1 cpe:/o:apple:iphone_os:4.3.0 cpe:/o:apple:iphone_os:4.2.9 cpe:/o:apple:iphone_os:4.2.8 cpe:/o:apple:iphone_os:4.2.5 cpe:/o:apple:iphone_os:4.2.1 cpe:/o:apple:iphone_os:4.2 cpe:/o:apple:iphone_os:4.1 cpe:/o:apple:iphone_os:4.0.2:-:iphone cpe:/o:apple:iphone_os:4.0.2:-:ipodtouch cpe:/o:apple:iphone_os:4.0.2 cpe:/o:apple:iphone_os:4.0.1:-:ipodtouch cpe:/o:apple:iphone_os:4.0.1:-:iphone cpe:/o:apple:iphone_os:4.0.1 cpe:/o:apple:iphone_os:4.0:-:ipodtouch cpe:/o:apple:iphone_os:4.0 cpe:/o:apple:iphone_os:4.0:-:iphone cpe:/o:apple:iphone_os:3.2.2:-:ipad cpe:/o:apple:iphone_os:3.2.2 cpe:/o:apple:iphone_os:3.2.1 cpe:/o:apple:iphone_os:3.2.1:-:ipad cpe:/o:apple:iphone_os:3.2 cpe:/o:apple:iphone_os:3.2:-:ipodtouch cpe:/o:apple:iphone_os:3.2:-:iphone cpe:/o:apple:iphone_os:3.1.3 cpe:/o:apple:iphone_os:3.1.3:-:ipodtouch cpe:/o:apple:iphone_os:3.1.3:-:iphone cpe:/o:apple:iphone_os:3.1.2 cpe:/o:apple:iphone_os:3.1.2:-:iphone cpe:/o:apple:iphone_os:3.1.2:-:ipodtouch cpe:/o:apple:iphone_os:3.1:-:ipodtouch cpe:/o:apple:iphone_os:3.1:-:iphone cpe:/o:apple:iphone_os:3.1 cpe:/o:apple:iphone_os:3.0.1 cpe:/o:apple:iphone_os:3.0.1:-:ipodtouch cpe:/o:apple:iphone_os:3.0.1:-:iphone cpe:/o:apple:iphone_os:3.0:-:ipodtouch cpe:/o:apple:iphone_os:3.0 cpe:/o:apple:iphone_os:3.0:-:iphone cpe:/o:apple:iphone_os:2.2.1:-:ipodtouch cpe:/o:apple:iphone_os:2.2.1:-:iphone cpe:/o:apple:iphone_os:2.2.1 cpe:/o:apple:iphone_os:2.2 cpe:/o:apple:iphone_os:2.2:-:ipodtouch cpe:/o:apple:iphone_os:2.2:-:iphone cpe:/o:apple:iphone_os:2.1.1 cpe:/o:apple:iphone_os:2.1:-:ipodtouch cpe:/o:apple:iphone_os:2.1 cpe:/o:apple:iphone_os:2.1:-:iphone cpe:/o:apple:iphone_os:2.0.2 cpe:/o:apple:iphone_os:2.0.2:-:iphone cpe:/o:apple:iphone_os:2.0.2:-:ipodtouch cpe:/o:apple:iphone_os:2.0.1:-:iphone cpe:/o:apple:iphone_os:2.0.1:-:ipodtouch cpe:/o:apple:iphone_os:2.0.1 cpe:/o:apple:iphone_os:2.0.0 cpe:/o:apple:iphone_os:2.0.0:-:iphone cpe:/o:apple:iphone_os:2.0.0:-:ipodtouch cpe:/o:apple:iphone_os:2.0 cpe:/o:apple:iphone_os:1.1.5:-:ipodtouch cpe:/o:apple:iphone_os:1.1.5:-:iphone cpe:/o:apple:iphone_os:1.1.5 cpe:/o:apple:iphone_os:1.1.4 cpe:/o:apple:iphone_os:1.1.4:-:iphone cpe:/o:apple:iphone_os:1.1.4:-:ipodtouch cpe:/o:apple:iphone_os:1.1.3:-:ipodtouch cpe:/o:apple:iphone_os:1.1.3 cpe:/o:apple:iphone_os:1.1.3:-:iphone cpe:/o:apple:iphone_os:1.1.2 cpe:/o:apple:iphone_os:1.1.2:-:ipodtouch cpe:/o:apple:iphone_os:1.1.2:-:iphone cpe:/o:apple:iphone_os:1.1.1:-:ipodtouch cpe:/o:apple:iphone_os:1.1.1 cpe:/o:apple:iphone_os:1.1.1:-:iphone cpe:/o:apple:iphone_os:1.1.0:-:ipodtouch cpe:/o:apple:iphone_os:1.1.0 cpe:/o:apple:iphone_os:1.1.0:-:iphone cpe:/o:apple:iphone_os:1.1 cpe:/o:apple:iphone_os:1.0.2 cpe:/o:apple:iphone_os:1.0.2:-:iphone cpe:/o:apple:iphone_os:1.0.1:-:iphone cpe:/o:apple:iphone_os:1.0.1 cpe:/o:apple:iphone_os:1.0.0:-:iphone cpe:/o:apple:iphone_os:1.0.0 cpe:/o:apple:iphone_os:1.0 cpe:/o:apple:iphone_os	96

Open Source Vulnerability Database (OSVDB)

id	Description
77014	Apple iOS CoreGraphics Component src/cid/cidload.c FreeType CID-keyed Type 1 ...

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:44:13	Multiple Updates
2012-12-19 13:26:42	Multiple Updates

Type	Count
CPE ID(s)	96
osvdb(s)	1

Related	Severity
CVE-2011-3439	(Critical)

Same Subject	Severity
Login to view 5 more Alert(s)

DSA-2350

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU