DSA-2428

Executive Summary

Summary
Title	freetype security update

Informations
Name	DSA-2428	First vendor Publication	2012-03-07
Vendor	Debian	Last vendor Modification	2012-03-07
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Mateusz Jurczyk from the Google Security Team discovered several vulnerabilties in Freetype's parsing of BDF, Type1 and TrueType fonts, which could result in the execution of arbitrary code if a malformed font file is processed.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze4. The updated packages are already available since yesterday, but the advisory text couldn't be send earlier.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your freetype packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2428

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Freetype Freetype cpe:/a:freetype:freetype:2.4.8 cpe:/a:freetype:freetype:2.4.7 cpe:/a:freetype:freetype:2.4.6 cpe:/a:freetype:freetype:2.4.5 cpe:/a:freetype:freetype:2.4.4 cpe:/a:freetype:freetype:2.4.3 cpe:/a:freetype:freetype:2.4.2 cpe:/a:freetype:freetype:2.4.1 cpe:/a:freetype:freetype:2.4.0 cpe:/a:freetype:freetype:2.3.9 cpe:/a:freetype:freetype:2.3.8 cpe:/a:freetype:freetype:2.3.7 cpe:/a:freetype:freetype:2.3.6 cpe:/a:freetype:freetype:2.3.5 cpe:/a:freetype:freetype:2.3.4 cpe:/a:freetype:freetype:2.3.3 cpe:/a:freetype:freetype:2.3.2 cpe:/a:freetype:freetype:2.3.12 cpe:/a:freetype:freetype:2.3.11 cpe:/a:freetype:freetype:2.3.10 cpe:/a:freetype:freetype:2.3.1 cpe:/a:freetype:freetype:2.3.0 cpe:/a:freetype:freetype:2.2.1 cpe:/a:freetype:freetype:2.2 cpe:/a:freetype:freetype:2.1.9 cpe:/a:freetype:freetype:2.1.8_rc1 cpe:/a:freetype:freetype:2.1.8:rc1 cpe:/a:freetype:freetype:2.1.8 cpe:/a:freetype:freetype:2.1.7 cpe:/a:freetype:freetype:2.1.6 cpe:/a:freetype:freetype:2.1.5 cpe:/a:freetype:freetype:2.1.4 cpe:/a:freetype:freetype:2.1.3 cpe:/a:freetype:freetype:2.1.10 cpe:/a:freetype:freetype:2.1 cpe:/a:freetype:freetype:2.0.9 cpe:/a:freetype:freetype:2.0.8 cpe:/a:freetype:freetype:2.0.7 cpe:/a:freetype:freetype:2.0.6 cpe:/a:freetype:freetype:2.0.5 cpe:/a:freetype:freetype:2.0.4 cpe:/a:freetype:freetype:2.0.3 cpe:/a:freetype:freetype:2.0.2 cpe:/a:freetype:freetype:2.0.1 cpe:/a:freetype:freetype:2.0 cpe:/a:freetype:freetype:1.3.1	46
Application	Mozilla Firefox Mobile cpe:/a:mozilla:firefox_mobile:10.0.3 cpe:/a:mozilla:firefox_mobile:10.0.2 cpe:/a:mozilla:firefox_mobile:10.0.1 cpe:/a:mozilla:firefox_mobile:10.0 cpe:/a:mozilla:firefox_mobile:9.0 cpe:/a:mozilla:firefox_mobile:8.0 cpe:/a:mozilla:firefox_mobile:7.0 cpe:/a:mozilla:firefox_mobile:6.0.2 cpe:/a:mozilla:firefox_mobile:6.0.1 cpe:/a:mozilla:firefox_mobile:6.0 cpe:/a:mozilla:firefox_mobile:5.0 cpe:/a:mozilla:firefox_mobile:4.0 cpe:/a:mozilla:firefox_mobile:4.0:beta3 cpe:/a:mozilla:firefox_mobile:4.0:beta1 cpe:/a:mozilla:firefox_mobile:4.0:beta2 cpe:/a:mozilla:firefox_mobile:4.0:beta4 cpe:/a:mozilla:firefox_mobile:1.0	17