Executive Summary
Summary | |
---|---|
Title | freetype security update |
Information | |||
---|---|---|---|
Name | RHSA-2009:0329 | First vendor Publication | 2009-05-22 |
Vendor | RedHat | Last vendor Modification | 2009-05-22 |
Severity (Vendor) | Important | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description:

Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide both the FreeType 1 and FreeType 2 font engines.

Tavis Ormandy of the Google Security Team discovered several integer overflow flaws in the FreeType 2 font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType 2, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0946)

Chris Evans discovered multiple integer overflow flaws in the FreeType font engine. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2006-1861)

An integer overflow flaw was found in the way the FreeType font engine processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2007-2754)

A flaw was discovered in the FreeType TTF font-file format parser when the TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user loaded a carefully-crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2008-1808)

The CVE-2008-1808 flaw did not affect the freetype packages as distributed in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType BCI support. A fix for this flaw has been included in this update as users may choose to recompile the freetype packages in order to enable TrueType BCI support. Red Hat does not, however, provide support for modified and recompiled packages.

Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754, and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403, and RHSA-2008:0556 respectively. This update provides corresponding updates for the FreeType 1 font engine, included in the freetype packages distributed in Red Hat Enterprise Linux 3 and 4.

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

240200 - CVE-2007-2754 freetype integer overflow
450774 - CVE-2008-1808 FreeType off-by-one flaws
484437 - CVE-2006-1861 freetype: multiple integer overflow vulnerabilities
491384 - CVE-2009-0946 freetype: multiple integer overflows
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0329.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10149 | |||
Oval ID: | oval:org.mitre.oval:def:10149 | ||
Title: | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | ||
Description: | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0946 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11188 | |||
Oval ID: | oval:org.mitre.oval:def:11188 | ||
Title: | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. | ||
Description: | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1808 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11325 | |||
Oval ID: | oval:org.mitre.oval:def:11325 | ||
Title: | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | ||
Description: | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2754 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13395 | |||
Oval ID: | oval:org.mitre.oval:def:13395 | ||
Title: | DSA-1784-1 freetype -- integer overflows | ||
Description: | Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution, this problem has been fixed in version 2.2.1-5+etch4. For the stable distribution, this problem has been fixed in version 2.3.7-2+lenny1. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 2.3.9-4.1. We recommend that you upgrade your freetype packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1784-1 CVE-2009-0946 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:13797 | |||
Oval ID: | oval:org.mitre.oval:def:13797 | ||
Title: | USN-767-1 -- freetype vulnerability | ||
Description: | Tavis Ormandy discovered that FreeType did not correctly handle certain large values in font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-767-1 CVE-2009-0946 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:17811 | |||
Oval ID: | oval:org.mitre.oval:def:17811 | ||
Title: | USN-643-1 -- freetype vulnerabilities | ||
Description: | Multiple flaws were discovered in the PFB and TTF font handling code in freetype. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-643-1 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:18574 | |||
Oval ID: | oval:org.mitre.oval:def:18574 | ||
Title: | DSA-1302-1 freetype - integer overflow | ||
Description: | A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1302-1 CVE-2007-2754 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:19448 | |||
Oval ID: | oval:org.mitre.oval:def:19448 | ||
Title: | DSA-1635-1 freetype - multiple vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1635-1 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:21823 | |||
Oval ID: | oval:org.mitre.oval:def:21823 | ||
Title: | ELSA-2007:0403: freetype security update (Moderate) | ||
Description: | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0403-02 CVE-2007-2754 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:22715 | |||
Oval ID: | oval:org.mitre.oval:def:22715 | ||
Title: | ELSA-2008:0556: freetype security update (Important) | ||
Description: | Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via (1) a crafted table in a Printer Font Binary (PFB) file or (2) a crafted SHC instruction in a TrueType Font (TTF) file, which triggers a heap-based buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0556-02 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:22787 | |||
Oval ID: | oval:org.mitre.oval:def:22787 | ||
Title: | ELSA-2009:1061: freetype security update (Important) | ||
Description: | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1061-02 CVE-2009-0946 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:29091 | |||
Oval ID: | oval:org.mitre.oval:def:29091 | ||
Title: | RHSA-2009:1061 -- freetype security update (Important) | ||
Description: | Updated freetype packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1061 CESA-2009:1061-CentOS 5 CVE-2009-0946 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:5532 | |||
Oval ID: | oval:org.mitre.oval:def:5532 | ||
Title: | Security Vulnerability in FreeType 2 Font Engine May Allow Privilege Escalation Due to Heap Overflow | ||
Description: | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2754 | Version: | 1 |
Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7383 | |||
Oval ID: | oval:org.mitre.oval:def:7383 | ||
Title: | DSA-1635 freetype -- multiple vulnerabilities | ||
Description: | Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file. The handling of an invalid number of axes field in the PFB file could trigger the freeing of arbitrary memory locations, leading to memory corruption. Multiple off-by-one errors allowed the execution of arbitrary code via malformed tables in PFB files, or invalid SHC instructions in TTF files. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1635 CVE-2008-1806 CVE-2008-1807 CVE-2008-1808 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:8224 | |||
Oval ID: | oval:org.mitre.oval:def:8224 | ||
Title: | DSA-1784 freetype -- integer overflows | ||
Description: | Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1784 CVE-2009-0946 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:9124 | |||
Oval ID: | oval:org.mitre.oval:def:9124 | ||
Title: | Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. | ||
Description: | Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-1861 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2009:1061 centos5 i386 File : nvt/gb_CESA-2009_1061_freetype_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2009:0329 centos3 i386 File : nvt/gb_CESA-2009_0329_freetype_centos3_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-01 (freetype) File : nvt/glsa_201006_01.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:243-2 (freetype2) File : nvt/mdksa_2009_243_2.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for freetype2 File : nvt/sles10_freetype2.nasl |
2009-10-13 | Name : SLES10: Security update for freetype2 File : nvt/sles10_freetype21.nasl |
2009-10-11 | Name : SLES11: Security update for freetype2 File : nvt/sles11_freetype2.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5016218.nasl |
2009-10-10 | Name : SLES9: Security update for freetype2 File : nvt/sles9p5048794.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:243-1 (freetype2) File : nvt/mdksa_2009_243_1.nasl |
2009-09-28 | Name : Mandrake Security Advisory MDVSA-2009:243 (freetype2) File : nvt/mdksa_2009_243.nasl |
2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5558 (freetype1) File : nvt/fcore_2009_5558.nasl |
2009-06-05 | Name : Fedora Core 11 FEDORA-2009-5644 (freetype1) File : nvt/fcore_2009_5644.nasl |
2009-06-05 | Name : Ubuntu USN-767-1 (freetype) File : nvt/ubuntu_767_1.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0329 (freetype) File : nvt/ovcesa2009_0329.nasl |
2009-05-25 | Name : RedHat Security Advisory RHSA-2009:1061 File : nvt/RHSA_2009_1061.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:1061 (freetype) File : nvt/ovcesa2009_1061.nasl |
2009-05-25 | Name : Gentoo Security Advisory GLSA 200905-05 (freetype) File : nvt/glsa_200905_05.nasl |
2009-05-25 | Name : RedHat Security Advisory RHSA-2009:0329 File : nvt/RHSA_2009_0329.nasl |
2009-05-25 | Name : RedHat Security Advisory RHSA-2009:1062 File : nvt/RHSA_2009_1062.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-05 | Name : Debian Security Advisory DSA 1784-1 (freetype) File : nvt/deb_1784_1.nasl |
2009-04-24 | Name : FreeType Multiple Integer Overflow Vulnerability (Linux) File : nvt/secpod_freetype_mult_int_overflow_vuln_lin.nasl |
2009-04-20 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype22.nasl |
2009-04-09 | Name : Mandriva Update for freetype2 MDKSA-2007:121 (freetype2) File : nvt/gb_mandriva_MDKSA_2007_121.nasl |
2009-04-09 | Name : Mandriva Update for freetype2 MDVSA-2008:121 (freetype2) File : nvt/gb_mandriva_MDVSA_2008_121.nasl |
2009-03-23 | Name : Ubuntu Update for freetype vulnerabilities USN-643-1 File : nvt/gb_ubuntu_USN_643_1.nasl |
2009-03-23 | Name : Ubuntu Update for freetype vulnerability USN-466-1 File : nvt/gb_ubuntu_USN_466_1.nasl |
2009-03-06 | Name : RedHat Update for freetype RHSA-2008:0558-01 File : nvt/gb_RHSA-2008_0558-01_freetype.nasl |
2009-03-06 | Name : RedHat Update for freetype RHSA-2008:0556-01 File : nvt/gb_RHSA-2008_0556-01_freetype.nasl |
2009-02-27 | Name : CentOS Update for freetype CESA-2008:0556 centos4 x86_64 File : nvt/gb_CESA-2008_0556_freetype_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for freetype CESA-2008:0556 centos3 i386 File : nvt/gb_CESA-2008_0556_freetype_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for freetype CESA-2008:0556 centos3 x86_64 File : nvt/gb_CESA-2008_0556_freetype_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for freetype CESA-2008:0556 centos4 i386 File : nvt/gb_CESA-2008_0556_freetype_centos4_i386.nasl |
2009-02-27 | Name : Fedora Update for freetype FEDORA-2007-0033 File : nvt/gb_fedora_2007_0033_freetype_fc7.nasl |
2009-02-27 | Name : CentOS Update for freetype CESA-2008:0558-01 centos2 i386 File : nvt/gb_CESA-2008_0558-01_freetype_centos2_i386.nasl |
2009-02-17 | Name : Fedora Update for freetype FEDORA-2008-5425 File : nvt/gb_fedora_2008_5425_freetype_fc9.nasl |
2009-02-17 | Name : Fedora Update for freetype FEDORA-2008-5430 File : nvt/gb_fedora_2008_5430_freetype_fc8.nasl |
2009-01-28 | Name : SuSE Update for freetype2 SUSE-SA:2007:041 File : nvt/gb_suse_2007_041.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-10 (freetype) File : nvt/glsa_200806_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200607-02 (FreeType) File : nvt/glsa_200607_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-22 (freetype) File : nvt/glsa_200705_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-02 (openoffice) File : nvt/glsa_200707_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-09 (nx, nxnode) File : nvt/glsa_200710_09.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl |
2008-09-17 | Name : Debian Security Advisory DSA 1635-1 (freetype) File : nvt/deb_1635_1.nasl |
2008-09-04 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype2.nasl |
2008-09-04 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype20.nasl |
2008-09-04 | Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype21.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1334-1 (freetype) File : nvt/deb_1334_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1095-1 (freetype) File : nvt/deb_1095_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2006-207-02 x11 File : nvt/esoft_slk_ssa_2006_207_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54070 | FreeType cff/cffload.c cff_charset_compute_cids() Function Overflow |
54069 | FreeType sfnt/ttcmap.c Multiple Validation Functions Overflow |
54068 | FreeType smooth/ftsmooth.c ft_smooth_render_generic() Function Overflow |
46178 | FreeType2 Library TrueType Font (TTF) Font Handling Off-by-one Overflow |
46177 | FreeType2 Library Printer Font Binary (PFB) Font Handling Off-by-one Overflow |
41726 | FreeType cff/cffgload.c Unspecified Overflow |
41725 | FreeType sfnt/ttcmap.c Unspecified Overflow |
41724 | FreeType bdf/bdflib.c Unspecified Overflow |
36509 | FreeType truetype/ttgload.c TTF Image Handling Overflow |
25654 | FreeType base/ftmac.c read_lwfn() Function LWFN File Handling Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2009-0012.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0403.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1061.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0329.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0556.nasl - Type : ACT_GATHER_INFO |
2012-10-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070611_freetype_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080620_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090522_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-01.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1061.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-6181.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12398.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-090416.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11554.nasl - Type : ACT_GATHER_INFO |
2009-09-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-243.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2008-0014.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_freetype2-090416.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_freetype2-090417.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-05-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5644.nasl - Type : ACT_GATHER_INFO |
2009-05-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5558.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200905-05.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1062.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1061.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0329.nasl - Type : ACT_GATHER_INFO |
2009-05-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0329.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_freetype2-6185.nasl - Type : ACT_GATHER_INFO |
2009-05-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1784.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-767-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-643-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-121.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_20b4f2842bfc11debdeb0030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1635.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_4fb43b2f46a911dd9d3800163e000016.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0556.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0556.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0558.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200806-10.nasl - Type : ACT_GATHER_INFO |
2008-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5425.nasl - Type : ACT_GATHER_INFO |
2008-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5430.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-3746.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-291-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-466-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0033.nasl - Type : ACT_GATHER_INFO |
2007-10-18 | Name : The remote openSUSE host is missing a security update. File : suse_NX-4555.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_freetype2-3744.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_freetype2-3701.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_freetype2-1608.nasl - Type : ACT_GATHER_INFO |
2007-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-09.nasl - Type : ACT_GATHER_INFO |
2007-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1334.nasl - Type : ACT_GATHER_INFO |
2007-07-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200707-02.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-121.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1302.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0403.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0403.nasl - Type : ACT_GATHER_INFO |
2007-06-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-22.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_de2fab2d0a3711dcaae200304881ac9a.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124421-04 File : solaris8_x86_124421.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 124420-04 File : solaris8_124420.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 119813-24 File : solaris10_x86_119813.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 119812-22 File : solaris10_119812.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-129.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1095.nasl - Type : ACT_GATHER_INFO |
2006-10-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_b975763f521011db8f1a000a48049292.nasl - Type : ACT_GATHER_INFO |
2006-07-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2006-207-02.nasl - Type : ACT_GATHER_INFO |
2006-07-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0500.nasl - Type : ACT_GATHER_INFO |
2006-07-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0500.nasl - Type : ACT_GATHER_INFO |
2006-07-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200607-02.nasl - Type : ACT_GATHER_INFO |
2006-06-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-099.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:52:18 |
|