Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2013:039 | First vendor Publication | 2013-04-05 |
Vendor | Mandriva | Last vendor Modification | 2013-04-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Updated freetype2 packages fixes security vulnerabilities: A null pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts. A remote attacker could provide a specially-crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668). An out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669). An out-of heap-based buffer write flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially-crafted font file, which once opened in an application linked against FreeType would lead to that application crash, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-5670). |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:039 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18237 | |||
Oval ID: | oval:org.mitre.oval:def:18237 | ||
Title: | USN-1686-1 -- freetype vulnerabilities | ||
Description: | FreeType could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1686-1 CVE-2012-5668 CVE-2012-5669 CVE-2012-5670 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20791 | |||
Oval ID: | oval:org.mitre.oval:def:20791 | ||
Title: | RHSA-2013:0216: freetype security update (Important) | ||
Description: | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0216-02 CESA-2013:0216 CVE-2012-5669 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23146 | |||
Oval ID: | oval:org.mitre.oval:def:23146 | ||
Title: | DEPRECATED: ELSA-2013:0216: freetype security update (Important) | ||
Description: | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0216-02 CVE-2012-5669 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23818 | |||
Oval ID: | oval:org.mitre.oval:def:23818 | ||
Title: | ELSA-2013:0216: freetype security update (Important) | ||
Description: | The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0216-02 CVE-2012-5669 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27471 | |||
Oval ID: | oval:org.mitre.oval:def:27471 | ||
Title: | DEPRECATED: ELSA-2013-0216 -- freetype security update (important) | ||
Description: | [2.3.11-14.el6_3.1] - Fix CVE-2012-5669 (Use correct array size for checking 'glyph_enc') - Resolves: #903542 [2.3.11-14] - A little change in configure part - Related: #723468 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0216 CVE-2012-5669 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-03 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15095307.nasl - Type : ACT_GATHER_INFO |
2015-03-20 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2015-0036.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_freetype_20140415.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-44.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-42.nasl - Type : ACT_GATHER_INFO |
2014-02-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-16.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-150.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0216.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-039.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1466.nasl - Type : ACT_GATHER_INFO |
2013-02-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-006.nasl - Type : ACT_GATHER_INFO |
2013-02-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1492.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130131_freetype_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0216.nasl - Type : ACT_GATHER_INFO |
2013-02-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0216.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-130115.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-8433.nasl - Type : ACT_GATHER_INFO |
2013-01-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-015-01.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1686-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:43:23 |
|
2013-04-05 17:17:20 |
|