Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2011-0226 First vendor Publication 2011-07-19
Vendor Cve Last vendor Modification 2011-10-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13897
 
Oval ID: oval:org.mitre.oval:def:13897
Title: USN-1173-1 -- freetype vulnerability
Description: freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file.
Family: unix Class: patch
Reference(s): USN-1173-1
CVE-2011-0226
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.10
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15136
 
Oval ID: oval:org.mitre.oval:def:15136
Title: DSA-2294-1 freetype -- missing input sanisiting
Description: It was discovered that insufficient input saniting in Freetype's code to parse Type1 could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2294-1
CVE-2011-0226
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21160
 
Oval ID: oval:org.mitre.oval:def:21160
Title: RHSA-2011:1085: freetype security update (Important)
Description: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family: unix Class: patch
Reference(s): RHSA-2011:1085-01
CVE-2011-0226
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23655
 
Oval ID: oval:org.mitre.oval:def:23655
Title: ELSA-2011:1085: freetype security update (Important)
Description: Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family: unix Class: patch
Reference(s): ELSA-2011:1085-01
CVE-2011-0226
Version: 6
Platform(s): Oracle Linux 6
Product(s): freetype
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27706
 
Oval ID: oval:org.mitre.oval:def:27706
Title: DEPRECATED: ELSA-2011-1085 -- freetype security update (important)
Description: [2.3.11-6.el6_1.6] - A little change in configure part - Resolves: #723467 [2.3.11-6.el6_1.5] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723467 [2.3.11-6.el6_1.4] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723467 [2.3.11-6.el6_1.3] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723467
Family: unix Class: patch
Reference(s): ELSA-2011-1085
CVE-2011-0226
Version: 4
Platform(s): Oracle Linux 6
Product(s): freetype
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 46
Os 104

OpenVAS Exploits

Date Description
2012-06-06 Name : RedHat Update for freetype RHSA-2011:1085-01
File : nvt/gb_RHSA-2011_1085-01_freetype.nasl
2012-04-26 Name : Fedora Update for freetype FEDORA-2012-5422
File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-09 (FreeType)
File : nvt/glsa_201201_09.nasl
2011-12-05 Name : Fedora Update for freetype FEDORA-2011-15964
File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl
2011-12-02 Name : Fedora Update for freetype FEDORA-2011-15956
File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl
2011-11-11 Name : Fedora Update for freetype FEDORA-2011-14749
File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl
2011-10-20 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006)
File : nvt/gb_macosx_su11-006.nasl
2011-09-21 Name : Debian Security Advisory DSA 2294-1 (freetype)
File : nvt/deb_2294_1.nasl
2011-09-21 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype23.nasl
2011-09-07 Name : Fedora Update for freetype FEDORA-2011-9525
File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl
2011-08-02 Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)
File : nvt/gb_mandriva_MDVSA_2011_120.nasl
2011-07-27 Name : Ubuntu Update for freetype USN-1173-1
File : nvt/gb_ubuntu_USN_1173_1.nasl
0000-00-00 Name : FreeBSD Ports: freetype2
File : nvt/freebsd_freetype24.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73661 FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli...

A memory corruption flaw exists in FreeType. The t1_decoder_parse_charstrings() Function fails to sanitize user-supplied input when handling PostScript Type1 fonts, resulting in memory corruption. With a specially crafted PostScript Type1 font, a context-dependent attacker can execute arbitrary code.

Snort® IPS/IDS

Date Description
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43677 - Revision : 2 - Type : FILE-PDF
2017-08-23 FreeType PostScript Type1 font parsing memory corruption attempt
RuleID : 43676 - Revision : 2 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libfxt_20141107.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-08.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1085.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110721_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-01-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO
2011-10-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO
2011-08-31 Name : The remote Fedora host is missing a security update.
File : fedora_2011-9525.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote Fedora host is missing a security update.
File : fedora_2011-9542.nasl - Type : ACT_GATHER_INFO
2011-08-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2294.nasl - Type : ACT_GATHER_INFO
2011-08-12 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_5d374b01c3ee11e08aa5485d60cb5385.nasl - Type : ACT_GATHER_INFO
2011-07-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_freetype2-110726.nasl - Type : ACT_GATHER_INFO
2011-07-27 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-120.nasl - Type : ACT_GATHER_INFO
2011-07-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1173-1.nasl - Type : ACT_GATHER_INFO
2011-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1085.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
BID http://www.securityfocus.com/bid/48619
CONFIRM http://support.apple.com/kb/HT4802
http://support.apple.com/kb/HT4803
http://support.apple.com/kb/HT5002
DEBIAN http://www.debian.org/security/2011/dsa-2294
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
MISC http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_bas...
MLIST http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
REDHAT http://www.redhat.com/support/errata/RHSA-2011-1085.html
SECUNIA http://secunia.com/advisories/45167
http://secunia.com/advisories/45224
SUSE http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-01-27 12:06:37
  • Multiple Updates
2021-01-27 01:06:18
  • Multiple Updates
2020-05-23 01:43:42
  • Multiple Updates
2020-05-23 00:27:36
  • Multiple Updates
2019-09-27 12:03:45
  • Multiple Updates
2018-11-15 12:03:27
  • Multiple Updates
2018-04-07 12:03:39
  • Multiple Updates
2018-04-06 01:01:32
  • Multiple Updates
2016-04-26 20:28:39
  • Multiple Updates
2015-01-21 13:24:45
  • Multiple Updates
2014-06-14 13:30:05
  • Multiple Updates
2014-02-17 10:59:44
  • Multiple Updates
2013-05-10 22:52:29
  • Multiple Updates