|Title||freetype security update|
|Name||DSA-2428||First vendor Publication||2012-03-07|
|Vendor||Debian||Last vendor Modification||2012-03-07|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
|Cvss Base Score||9.3||Attack Range||Network|
|Cvss Impact Score||10||Attack Complexity||Medium|
|Cvss Expoit Score||8.6||Authentification||None Required|
|Calculate full CVSS 2.0 Vectors scores|
Mateusz Jurczyk from the Google Security Team discovered several vulnerabilties in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze4. The updated packages are already available since yesterday, but the advisory text couldn't be send earlier.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your freetype packages.
|Url : http://www.debian.org/security/2012/dsa-2428|
CWE : Common Weakness Enumeration
|CWE-119||Failure to Constrain Operations within the Bounds of a Memory Buffer|