Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title FreeType: Multiple vulnerabilities
Informations
Name GLSA-201201-09 First vendor Publication 2012-01-23
Vendor Gentoo Last vendor Modification 2012-01-23
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in FreeType, allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service.

Background

FreeType is a high-quality and portable font engine.

Description

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All FreeType users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"

References

[ 1 ] CVE-2010-1797 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[ 2 ] CVE-2010-2497 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[ 3 ] CVE-2010-2498 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[ 4 ] CVE-2010-2499 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[ 5 ] CVE-2010-2500 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[ 6 ] CVE-2010-2519 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[ 7 ] CVE-2010-2520 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[ 8 ] CVE-2010-2527 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[ 9 ] CVE-2010-2541 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201201-09.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201201-09.xml

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
20 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
15 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-189 Numeric Errors (CWE/SANS Top 25)
10 % CWE-20 Improper Input Validation
5 % CWE-681 Incorrect Conversion between Numeric Types
5 % CWE-191 Integer Underflow (Wrap or Wraparound)
5 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
5 % CWE-129 Improper Validation of Array Index
5 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11944
 
Oval ID: oval:org.mitre.oval:def:11944
Title: DSA-2070 freetype -- several vulnerabilities
Description: Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs.
Family: unix Class: patch
Reference(s): DSA-2070
CVE-2010-2497
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2520
CVE-2010-2527
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12409
 
Oval ID: oval:org.mitre.oval:def:12409
Title: DSA-2155-1 freetype -- several
Description: Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2155-1
CVE-2010-3814
CVE-2010-3855
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12591
 
Oval ID: oval:org.mitre.oval:def:12591
Title: DSA-2116-1 poppler -- several
Description: Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened. For the stable distribution, these problems have been fixed in version 0.8.7-4. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your poppler packages.
Family: unix Class: patch
Reference(s): DSA-2116-1
CVE-2010-3311
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): poppler
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12761
 
Oval ID: oval:org.mitre.oval:def:12761
Title: DSA-2105-1 freetype -- several
Description: Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVE-2010-2807 FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. For the stable distribution, these problems have been fixed in version 2.3.7-2+lenny3 For the unstable distribution and the testing distribution, these problems have been fixed in version 2.4.2-1 We recommend that you upgrade your freetype package.
Family: unix Class: patch
Reference(s): DSA-2105-1
CVE-2010-1797
CVE-2010-2541
CVE-2010-2805
CVE-2010-2806
CVE-2010-2807
CVE-2010-2808
CVE-2010-3053
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13016
 
Oval ID: oval:org.mitre.oval:def:13016
Title: USN-963-1 -- freetype vulnerabilities
Description: Robert Święcki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-963-1
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2520
CVE-2010-2527
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13123
 
Oval ID: oval:org.mitre.oval:def:13123
Title: USN-1013-1 -- freetype vulnerabilities
Description: Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges
Family: unix Class: patch
Reference(s): USN-1013-1
CVE-2010-3311
CVE-2010-3814
CVE-2010-3855
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13149
 
Oval ID: oval:org.mitre.oval:def:13149
Title: USN-972-1 -- freetype vulnerabilities
Description: It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-972-1
CVE-2010-1797
CVE-2010-2541
CVE-2010-2805
CVE-2010-2806
CVE-2010-2807
CVE-2010-2808
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13388
 
Oval ID: oval:org.mitre.oval:def:13388
Title: DSA-2070-1 freetype -- several
Description: Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. For the stable distribution, these problems have been fixed in version 2.3.7-2+lenny2. For the unstable distribution, these problems have been fixed in version 2.4.0-1. We recommend that you upgrade your freetype packages.
Family: unix Class: patch
Reference(s): DSA-2070-1
CVE-2010-2497
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2520
CVE-2010-2527
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13897
 
Oval ID: oval:org.mitre.oval:def:13897
Title: USN-1173-1 -- freetype vulnerability
Description: freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file.
Family: unix Class: patch
Reference(s): USN-1173-1
CVE-2011-0226
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15136
 
Oval ID: oval:org.mitre.oval:def:15136
Title: DSA-2294-1 freetype -- missing input sanisiting
Description: It was discovered that insufficient input saniting in Freetype's code to parse Type1 could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2294-1
CVE-2011-0226
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15179
 
Oval ID: oval:org.mitre.oval:def:15179
Title: DSA-2328-1 freetype -- missing input sanitising
Description: It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2328-1
CVE-2011-3256
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15271
 
Oval ID: oval:org.mitre.oval:def:15271
Title: DSA-2350-1 freetype -- missing input sanitising
Description: It was discovered that missing input sanitising in Freetype's processing of CID-keyed fonts could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2350-1
CVE-2011-3439
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15440
 
Oval ID: oval:org.mitre.oval:def:15440
Title: USN-1267-1 -- FreeType vulnerabilities
Description: freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file.
Family: unix Class: patch
Reference(s): USN-1267-1
CVE-2011-3256
CVE-2011-3439
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): FreeType
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21160
 
Oval ID: oval:org.mitre.oval:def:21160
Title: RHSA-2011:1085: freetype security update (Important)
Description: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family: unix Class: patch
Reference(s): RHSA-2011:1085-01
CVE-2011-0226
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21490
 
Oval ID: oval:org.mitre.oval:def:21490
Title: RHSA-2010:0607: freetype security update (Important)
Description: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): RHSA-2010:0607-02
CESA-2010:0607
CVE-2010-1797
Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21950
 
Oval ID: oval:org.mitre.oval:def:21950
Title: RHSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): RHSA-2011:1402-01
CESA-2011:1402
CVE-2011-3256
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22011
 
Oval ID: oval:org.mitre.oval:def:22011
Title: RHSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): RHSA-2011:1455-01
CESA-2011:1455
CVE-2011-3439
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22211
 
Oval ID: oval:org.mitre.oval:def:22211
Title: RHSA-2010:0578: freetype security update (Important)
Description: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): RHSA-2010:0578-01
CESA-2010:0578
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2527
CVE-2010-2541
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22238
 
Oval ID: oval:org.mitre.oval:def:22238
Title: RHSA-2010:0864: freetype security update (Important)
Description: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Family: unix Class: patch
Reference(s): RHSA-2010:0864-02
CVE-2010-2805
CVE-2010-2806
CVE-2010-2808
CVE-2010-3311
Version: 55
Platform(s): Red Hat Enterprise Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22278
 
Oval ID: oval:org.mitre.oval:def:22278
Title: RHSA-2010:0889: freetype security update (Important)
Description: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Family: unix Class: patch
Reference(s): RHSA-2010:0889-01
CESA-2010:0889
CVE-2010-3855
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22379
 
Oval ID: oval:org.mitre.oval:def:22379
Title: RHSA-2010:0737: freetype security update (Important)
Description: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Family: unix Class: patch
Reference(s): RHSA-2010:0737-01
CESA-2010:0737
CVE-2010-2806
CVE-2010-2808
CVE-2010-3054
CVE-2010-3311
Version: 55
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22696
 
Oval ID: oval:org.mitre.oval:def:22696
Title: ELSA-2010:0578: freetype security update (Important)
Description: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Family: unix Class: patch
Reference(s): ELSA-2010:0578-01
CVE-2010-2498
CVE-2010-2499
CVE-2010-2500
CVE-2010-2519
CVE-2010-2527
CVE-2010-2541
Version: 29
Platform(s): Oracle Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22937
 
Oval ID: oval:org.mitre.oval:def:22937
Title: ELSA-2010:0607: freetype security update (Important)
Description: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2010:0607-02
CVE-2010-1797
Version: 6
Platform(s): Oracle Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23017
 
Oval ID: oval:org.mitre.oval:def:23017
Title: ELSA-2010:0737: freetype security update (Important)
Description: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Family: unix Class: patch
Reference(s): ELSA-2010:0737-01
CVE-2010-2806
CVE-2010-2808
CVE-2010-3054
CVE-2010-3311
Version: 21
Platform(s): Oracle Linux 5
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23072
 
Oval ID: oval:org.mitre.oval:def:23072
Title: DEPRECATED: ELSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): ELSA-2011:1455-01
CVE-2011-3439
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23180
 
Oval ID: oval:org.mitre.oval:def:23180
Title: DEPRECATED: ELSA-2010:0889: freetype security update (Important)
Description: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Family: unix Class: patch
Reference(s): ELSA-2010:0889-01
CVE-2010-3855
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23196
 
Oval ID: oval:org.mitre.oval:def:23196
Title: DEPRECATED: ELSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): ELSA-2011:1402-01
CVE-2011-3256
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23365
 
Oval ID: oval:org.mitre.oval:def:23365
Title: ELSA-2011:1402: freetype security update (Important)
Description: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Family: unix Class: patch
Reference(s): ELSA-2011:1402-01
CVE-2011-3256
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23494
 
Oval ID: oval:org.mitre.oval:def:23494
Title: ELSA-2010:0864: freetype security update (Important)
Description: Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Family: unix Class: patch
Reference(s): ELSA-2010:0864-02
CVE-2010-2805
CVE-2010-2806
CVE-2010-2808
CVE-2010-3311
Version: 21
Platform(s): Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23556
 
Oval ID: oval:org.mitre.oval:def:23556
Title: ELSA-2010:0889: freetype security update (Important)
Description: Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Family: unix Class: patch
Reference(s): ELSA-2010:0889-01
CVE-2010-3855
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23617
 
Oval ID: oval:org.mitre.oval:def:23617
Title: ELSA-2011:1455: freetype security update (Important)
Description: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Family: unix Class: patch
Reference(s): ELSA-2011:1455-01
CVE-2011-3439
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23655
 
Oval ID: oval:org.mitre.oval:def:23655
Title: ELSA-2011:1085: freetype security update (Important)
Description: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family: unix Class: patch
Reference(s): ELSA-2011:1085-01
CVE-2011-0226
Version: 6
Platform(s): Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27706
 
Oval ID: oval:org.mitre.oval:def:27706
Title: DEPRECATED: ELSA-2011-1085 -- freetype security update (important)
Description: [2.3.11-6.el6_1.6] - A little change in configure part - Resolves: #723467 [2.3.11-6.el6_1.5] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723467 [2.3.11-6.el6_1.4] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723467 [2.3.11-6.el6_1.3] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723467
Family: unix Class: patch
Reference(s): ELSA-2011-1085
CVE-2011-0226
Version: 4
Platform(s): Oracle Linux 6
Product(s): freetype
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 53
Os 113
Os 73
Os 14
Os 6
Os 1
Os 1
Os 2
Os 1

ExploitDB Exploits

id Description
2010-08-24 Foxit Reader <= 4.0 pdf Jailbreak Exploit

OpenVAS Exploits

Date Description
2012-08-02 Name : SuSE Update for freetype2 openSUSE-SU-2012:0015-1 (freetype2)
File : nvt/gb_suse_2012_0015_1.nasl
2012-08-02 Name : SuSE Update for freetype2 openSUSE-SU-2012:0047-1 (freetype2)
File : nvt/gb_suse_2012_0047_1.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1455 centos4 x86_64
File : nvt/gb_CESA-2011_1455_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1402 centos5 x86_64
File : nvt/gb_CESA-2011_1402_freetype_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1402 centos4 x86_64
File : nvt/gb_CESA-2011_1402_freetype_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for freetype CESA-2011:1455 centos5 x86_64
File : nvt/gb_CESA-2011_1455_freetype_centos5_x86_64.nasl
2012-06-06 Name : RedHat Update for freetype RHSA-2011:1085-01
File : nvt/gb_RHSA-2011_1085-01_freetype.nasl
2012-04-26 Name : Fedora Update for freetype FEDORA-2012-5422
File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl
2012-04-20 Name : Fedora Update for freetype FEDORA-2012-4946
File : nvt/gb_fedora_2012_4946_freetype_fc16.nasl
2012-03-19 Name : Fedora Update for freetype FEDORA-2011-15927
File : nvt/gb_fedora_2011_15927_freetype_fc16.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-09 (FreeType)
File : nvt/glsa_201201_09.nasl
2012-02-11 Name : Debian Security Advisory DSA 2350-1 (freetype)
File : nvt/deb_2350_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2328-1 (freetype)
File : nvt/deb_2328_1.nasl
2012-02-06 Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-12-05 Name : Fedora Update for freetype FEDORA-2011-15964
File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl
2011-12-02 Name : Fedora Update for freetype FEDORA-2011-15956
File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl
2011-11-25 Name : Mandriva Update for freetype2 MDVSA-2011:177 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_177.nasl
2011-11-21 Name : Ubuntu Update for freetype USN-1267-1
File : nvt/gb_ubuntu_USN_1267_1.nasl
2011-11-21 Name : CentOS Update for freetype CESA-2011:1455 centos5 i386
File : nvt/gb_CESA-2011_1455_freetype_centos5_i386.nasl
2011-11-21 Name : CentOS Update for freetype CESA-2011:1455 centos4 i386
File : nvt/gb_CESA-2011_1455_freetype_centos4_i386.nasl
2011-11-18 Name : RedHat Update for freetype RHSA-2011:1455-01
File : nvt/gb_RHSA-2011_1455-01_freetype.nasl
2011-11-11 Name : Fedora Update for freetype FEDORA-2011-14749
File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl
2011-11-11 Name : CentOS Update for freetype CESA-2011:1402 centos4 i386
File : nvt/gb_CESA-2011_1402_freetype_centos4_i386.nasl
2011-10-31 Name : Mandriva Update for freetype2 MDVSA-2011:157 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_157.nasl
2011-10-31 Name : CentOS Update for freetype CESA-2011:1402 centos5 i386
File : nvt/gb_CESA-2011_1402_freetype_centos5_i386.nasl
2011-10-31 Name : RedHat Update for freetype RHSA-2011:1402-01
File : nvt/gb_RHSA-2011_1402-01_freetype.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-21 Name : Debian Security Advisory DSA 2294-1 (freetype)
File : nvt/deb_2294_1.nasl
2011-09-21 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype23.nasl
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-09-07 Name : Fedora Update for freetype FEDORA-2011-9525
File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl
2011-08-26 Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2011-08-09 Name : CentOS Update for freetype CESA-2010:0607 centos5 i386
File : nvt/gb_CESA-2010_0607_freetype_centos5_i386.nasl
2011-08-09 Name : CentOS Update for freetype CESA-2010:0578 centos5 i386
File : nvt/gb_CESA-2010_0578_freetype_centos5_i386.nasl
2011-08-09 Name : CentOS Update for freetype CESA-2010:0737 centos5 i386
File : nvt/gb_CESA-2010_0737_freetype_centos5_i386.nasl
2011-08-09 Name : CentOS Update for freetype CESA-2010:0889 centos5 i386
File : nvt/gb_CESA-2010_0889_freetype_centos5_i386.nasl
2011-08-02 Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_120.nasl
2011-07-27 Name : Ubuntu Update for freetype USN-1173-1
File : nvt/gb_ubuntu_USN_1173_1.nasl
2011-03-07 Name : Debian Security Advisory DSA 2155-1 (freetype)
File : nvt/deb_2155_1.nasl
2010-12-02 Name : Fedora Update for freetype FEDORA-2010-17742
File : nvt/gb_fedora_2010_17742_freetype_fc14.nasl
2010-12-02 Name : Fedora Update for freetype FEDORA-2010-15878
File : nvt/gb_fedora_2010_15878_freetype_fc14.nasl
2010-11-23 Name : Fedora Update for freetype FEDORA-2010-17728
File : nvt/gb_fedora_2010_17728_freetype_fc13.nasl
2010-11-23 Name : RedHat Update for freetype RHSA-2010:0889-01
File : nvt/gb_RHSA-2010_0889-01_freetype.nasl
2010-11-23 Name : CentOS Update for freetype CESA-2010:0889 centos4 i386
File : nvt/gb_CESA-2010_0889_freetype_centos4_i386.nasl
2010-11-23 Name : Fedora Update for freetype FEDORA-2010-17755
File : nvt/gb_fedora_2010_17755_freetype_fc12.nasl
2010-11-23 Name : Mandriva Update for freetype2 MDVSA-2010:236 (freetype2)
File : nvt/gb_mandriva_MDVSA_2010_236.nasl
2010-11-16 Name : Fedora Update for freetype FEDORA-2010-15785
File : nvt/gb_fedora_2010_15785_freetype_fc12.nasl
2010-11-16 Name : Ubuntu Update for freetype vulnerabilities USN-1013-1
File : nvt/gb_ubuntu_USN_1013_1.nasl
2010-10-22 Name : Fedora Update for freetype FEDORA-2010-15705
File : nvt/gb_fedora_2010_15705_freetype_fc13.nasl
2010-10-19 Name : Mandriva Update for freetype2 MDVSA-2010:201 (freetype2)
File : nvt/gb_mandriva_MDVSA_2010_201.nasl
2010-10-19 Name : CentOS Update for freetype CESA-2010:0736 centos3 i386
File : nvt/gb_CESA-2010_0736_freetype_centos3_i386.nasl
2010-10-19 Name : CentOS Update for freetype CESA-2010:0737 centos4 i386
File : nvt/gb_CESA-2010_0737_freetype_centos4_i386.nasl
2010-10-19 Name : RedHat Update for freetype RHSA-2010:0736-01
File : nvt/gb_RHSA-2010_0736-01_freetype.nasl
2010-10-19 Name : RedHat Update for freetype RHSA-2010:0737-01
File : nvt/gb_RHSA-2010_0737-01_freetype.nasl
2010-09-01 Name : FreeType Unspecified Vulnerability (Windows)
File : nvt/secpod_freetype_unspecified_vuln_win.nasl
2010-09-01 Name : FreeType Multiple denial of service vulnerabilities (Windows)
File : nvt/secpod_freetype_mult_dos_vuln_win.nasl
2010-09-01 Name : FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
File : nvt/secpod_freetype_mem_corruption_n_bof_vuln_win.nasl
2010-08-24 Name : Mandriva Update for freetype2 MDVSA-2010:157 (freetype2)
File : nvt/gb_mandriva_MDVSA_2010_157.nasl
2010-08-24 Name : Mandriva Update for freetype2 MDVSA-2010:156 (freetype2)
File : nvt/gb_mandriva_MDVSA_2010_156.nasl
2010-08-20 Name : CentOS Update for freetype CESA-2010:0607 centos3 i386
File : nvt/gb_CESA-2010_0607_freetype_centos3_i386.nasl
2010-08-20 Name : CentOS Update for freetype CESA-2010:0577 centos3 i386
File : nvt/gb_CESA-2010_0577_freetype_centos3_i386.nasl
2010-08-20 Name : Ubuntu Update for freetype vulnerabilities USN-972-1
File : nvt/gb_ubuntu_USN_972_1.nasl
2010-08-13 Name : Mandriva Update for freetype2 MDVSA-2010:149 (freetype2)
File : nvt/gb_mandriva_MDVSA_2010_149.nasl
2010-08-06 Name : RedHat Update for freetype RHSA-2010:0607-02
File : nvt/gb_RHSA-2010_0607-02_freetype.nasl
2010-08-02 Name : RedHat Update for freetype RHSA-2010:0578-01
File : nvt/gb_RHSA-2010_0578-01_freetype.nasl
2010-08-02 Name : RedHat Update for freetype RHSA-2010:0577-01
File : nvt/gb_RHSA-2010_0577-01_freetype.nasl
2010-07-23 Name : Ubuntu Update for freetype vulnerabilities USN-963-1
File : nvt/gb_ubuntu_USN_963_1.nasl
2010-07-22 Name : Debian Security Advisory DSA 2070-1 (freetype)
File : nvt/deb_2070_1.nasl
0000-00-00 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype24.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77014 Apple iOS CoreGraphics Component src/cid/cidload.c FreeType CID-keyed Type 1 ...

76324 Apple iOS CoreGraphics Multiple freetype Font Handling Memory Corruption

73661 FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli...

A memory corruption flaw exists in FreeType. The t1_decoder_parse_charstrings() Function fails to sanitize user-supplied input when handling PostScript Type1 fonts, resulting in memory corruption. With a specially crafted PostScript Type1 font, a context-dependent attacker can execute arbitrary code.
70334 FreeType libXft base/ftstream.c CFF File Handling Overflow

FreeType is prone to an overflow condition. 'base/ftstream.c' in libXft fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted CFF font file, a context-dependent attacker can potentially cause a further heap-based buffer overflow, allowing them to execute arbitrary code.
69513 FreeType ttinterp.c Ins_SHZ Function Crafted SHZ Bytecode Overflow

FreeType is prone to an overflow condition. The 'Ins_SHZ' function in 'ttinterp.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted SHZ bytecode instruction, such as in a PDF document with a specially crafted font, a context-dependent attacker can potentially execute arbitrary code.
68704 FreeType src/truetype/ttgxvar.c ft_var_readpackedpoints() Function TrueType G...

FreeType is prone to an overflow condition. The 'ft_var_readpackedpoints()' function in 'truetype/ttgxvar.c' fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted TrueType GX font, a context-dependent attacker can potentially execute arbitrary code.
67307 FreeType Nested Standard Encoding Accented Character Call DoS

67306 FreeType bdf/bdflib.c Crafted BDF Font File Handling DoS

67305 FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted LWFN Font Hand...

67304 FreeType Bounds Checking Integer Data Type Crafted Font File DoS

67303 FreeType type42/t42parse.c t42_parse_sfnts Function Array Index Error FontTyp...

67302 FreeType base/ftstream.c FT_Stream_EnterFrame Function Crafted Font File Posi...

67301 FreeType ftmulti Demo Program ftmulti.c Crafted Font File Overflow

67011 FreeType2 Unspecified CFF Font Handling Arbitrary Code Execution

66468 FreeType Glyph Handling Crafted Font File Overflow

66467 FreeType pshinter/pshalgo.c psh_glyph_find_strong_points Function Invalid Fre...

66466 FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted LaserWriter PS...

66465 FreeType smooth/ftgray.c gray_render_span Function Overflow

66464 FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted Font File POST...

66463 FreeType truetype/ttinterp.c Ins_IUP Function TrueType Bytecode Support Overflow

66462 FreeType Demo Applications Crafted Font File Handling Multiple Overflows

Snort® IPS/IDS

Date Description
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43677 - Revision : 2 - Type : FILE-PDF
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43676 - Revision : 2 - Type : FILE-PDF
2014-05-24 Foxit Reader CFF CharStrings buffer overflow attempt
RuleID : 30771 - Revision : 2 - Type : FILE-PDF
2014-05-24 Foxit Reader CFF CharStrings buffer overflow attempt
RuleID : 30770 - Revision : 2 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_freetype_20141107.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libfxt_20141107.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0622.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-8.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2011-96.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-101013.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-110303.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-111216.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libfreetype6-100812.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_freetype2-111216.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-08.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-20.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0577.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0578.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0607.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0736.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0737.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0889.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1085.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0094.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100730_freetype_for_SL4.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100730_freetype_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100805_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101004_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101116_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110721_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111025_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111116_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-02-02 Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-111201.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7399.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7872.nasl - Type : ACT_GATHER_INFO
2011-12-05 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15964.nasl - Type : ACT_GATHER_INFO
2011-11-29 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15956.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2350.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-15927.nasl - Type : ACT_GATHER_INFO
2011-11-22 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-177.nasl - Type : ACT_GATHER_INFO
2011-11-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1267-1.nasl - Type : ACT_GATHER_INFO
2011-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1455.nasl - Type : ACT_GATHER_INFO
2011-11-14 Name : The remote Fedora host is missing a security update.
File : fedora_2011-14749.nasl - Type : ACT_GATHER_INFO
2011-11-02 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_54075e3904ac11e1a94ebcaec565249c.nasl - Type : ACT_GATHER_INFO
2011-10-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2011-10-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1402.nasl - Type : ACT_GATHER_INFO
2011-10-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2328.nasl - Type : ACT_GATHER_INFO
2011-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-157.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-9525.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-9542.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2294.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_5d374b01c3ee11e08aa5485d60cb5385.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-110726.nasl - Type : ACT_GATHER_INFO
2011-07-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-120.nasl - Type : ACT_GATHER_INFO
2011-07-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1173-1.nasl - Type : ACT_GATHER_INFO
2011-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1085.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_freetype2-110303.nasl - Type : ACT_GATHER_INFO
2011-04-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7366.nasl - Type : ACT_GATHER_INFO
2011-04-07 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-110304.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-03-22 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO
2011-02-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2155.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-100812.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-100927.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0889.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17728.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17755.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0864.nasl - Type : ACT_GATHER_INFO
2010-11-17 Name : The remote Fedora host is missing a security update.
File : fedora_2010-17742.nasl - Type : ACT_GATHER_INFO
2010-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0889.nasl - Type : ACT_GATHER_INFO
2010-11-16 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-236.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1013-1.nasl - Type : ACT_GATHER_INFO
2010-11-02 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15785.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15705.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_freetype2-101013.nasl - Type : ACT_GATHER_INFO
2010-10-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_freetype2-101013.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15878.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-201.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12656.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7121.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_freetype2-7168.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2116.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2105.nasl - Type : ACT_GATHER_INFO
2010-08-27 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12630.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_freetype2-100812.nasl - Type : ACT_GATHER_INFO
2010-08-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_freetype2-100812.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-156.nasl - Type : ACT_GATHER_INFO
2010-08-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-157.nasl - Type : ACT_GATHER_INFO
2010-08-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-972-1.nasl - Type : ACT_GATHER_INFO
2010-08-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0577.nasl - Type : ACT_GATHER_INFO
2010-08-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-149.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0607.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : A PDF viewer installed on the remote host is affected by a remote code execut...
File : foxit_reader_4_1_1_0805.nasl - Type : ACT_GATHER_INFO
2010-08-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0607.nasl - Type : ACT_GATHER_INFO
2010-08-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0578.nasl - Type : ACT_GATHER_INFO
2010-08-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0577.nasl - Type : ACT_GATHER_INFO
2010-08-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0578.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-137.nasl - Type : ACT_GATHER_INFO
2010-07-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-963-1.nasl - Type : ACT_GATHER_INFO
2010-07-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2070.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:37:09
  • Multiple Updates