Executive Summary
Summary | |
---|---|
Title | New freetype packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-2105 | First vendor Publication | 2010-09-07 |
Vendor | Debian | Last vendor Modification | 2010-09-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-1797: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe.

CVE-2010-2541: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2805: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2806: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

CVE-2010-2807: FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

CVE-2010-2808: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

CVE-2010-3053: bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.

For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny3.

For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 2.4.2-1.

We recommend that you upgrade your freetype package.
Original Source
Url : http://www.debian.org/security/2010/dsa-2105 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
29 % | CWE-20 | Improper Input Validation |
14 % | CWE-681 | Incorrect Conversion between Numeric Types |
14 % | CWE-129 | Improper Validation of Array Index |
14 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12761 | |||
Oval ID: | oval:org.mitre.oval:def:12761 | ||
Title: | DSA-2105-1 freetype -- several | ||
Description: | Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1797: Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. CVE-2010-2541: Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2805: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2806: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. CVE-2010-2807: FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. CVE-2010-2808: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File font. CVE-2010-3053: bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service via a crafted BDF font file, related to an attempted modification of a value in a static string. For the stable distribution, these problems have been fixed in version 2.3.7-2+lenny3. For the unstable distribution and the testing distribution, these problems have been fixed in version 2.4.2-1. We recommend that you upgrade your freetype package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2105-1 CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806 CVE-2010-2807 CVE-2010-2808 CVE-2010-3053 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:13149 | |||
Oval ID: | oval:org.mitre.oval:def:13149 | ||
Title: | USN-972-1 -- freetype vulnerabilities | ||
Description: | It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-972-1 CVE-2010-1797 CVE-2010-2541 CVE-2010-2805 CVE-2010-2806 CVE-2010-2807 CVE-2010-2808 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:21490 | |||
Oval ID: | oval:org.mitre.oval:def:21490 | ||
Title: | RHSA-2010:0607: freetype security update (Important) | ||
Description: | Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0607-02 CESA-2010:0607 CVE-2010-1797 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:22211 | |||
Oval ID: | oval:org.mitre.oval:def:22211 | ||
Title: | RHSA-2010:0578: freetype security update (Important) | ||
Description: | Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0578-01 CESA-2010:0578 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2527 CVE-2010-2541 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:22696 | |||
Oval ID: | oval:org.mitre.oval:def:22696 | ||
Title: | ELSA-2010:0578: freetype security update (Important) | ||
Description: | Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0578-01 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2527 CVE-2010-2541 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
Definition Id: oval:org.mitre.oval:def:22937 | |||
Oval ID: | oval:org.mitre.oval:def:22937 | ||
Title: | ELSA-2010:0607: freetype security update (Important) | ||
Description: | Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0607-02 CVE-2010-1797 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-08-24 | Foxit Reader <= 4.0 pdf Jailbreak Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-09 (FreeType) File : nvt/glsa_201201_09.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2010:0578 centos5 i386 File : nvt/gb_CESA-2010_0578_freetype_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2010:0607 centos5 i386 File : nvt/gb_CESA-2010_0607_freetype_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2010:0737 centos5 i386 File : nvt/gb_CESA-2010_0737_freetype_centos5_i386.nasl |
2010-11-23 | Name : Fedora Update for freetype FEDORA-2010-17755 File : nvt/gb_fedora_2010_17755_freetype_fc12.nasl |
2010-11-23 | Name : Fedora Update for freetype FEDORA-2010-17728 File : nvt/gb_fedora_2010_17728_freetype_fc13.nasl |
2010-11-16 | Name : Fedora Update for freetype FEDORA-2010-15785 File : nvt/gb_fedora_2010_15785_freetype_fc12.nasl |
2010-10-22 | Name : Fedora Update for freetype FEDORA-2010-15705 File : nvt/gb_fedora_2010_15705_freetype_fc13.nasl |
2010-10-19 | Name : RedHat Update for freetype RHSA-2010:0736-01 File : nvt/gb_RHSA-2010_0736-01_freetype.nasl |
2010-10-19 | Name : RedHat Update for freetype RHSA-2010:0737-01 File : nvt/gb_RHSA-2010_0737-01_freetype.nasl |
2010-10-19 | Name : CentOS Update for freetype CESA-2010:0737 centos4 i386 File : nvt/gb_CESA-2010_0737_freetype_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for freetype CESA-2010:0736 centos3 i386 File : nvt/gb_CESA-2010_0736_freetype_centos3_i386.nasl |
2010-10-19 | Name : Mandriva Update for freetype2 MDVSA-2010:201 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_201.nasl |
2010-09-01 | Name : FreeType Multiple denial of service vulnerabilities (Windows) File : nvt/secpod_freetype_mult_dos_vuln_win.nasl |
2010-08-24 | Name : Mandriva Update for freetype2 MDVSA-2010:156 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_156.nasl |
2010-08-24 | Name : Mandriva Update for freetype2 MDVSA-2010:157 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_157.nasl |
2010-08-20 | Name : CentOS Update for freetype CESA-2010:0577 centos3 i386 File : nvt/gb_CESA-2010_0577_freetype_centos3_i386.nasl |
2010-08-20 | Name : Ubuntu Update for freetype vulnerabilities USN-972-1 File : nvt/gb_ubuntu_USN_972_1.nasl |
2010-08-20 | Name : CentOS Update for freetype CESA-2010:0607 centos3 i386 File : nvt/gb_CESA-2010_0607_freetype_centos3_i386.nasl |
2010-08-13 | Name : Mandriva Update for freetype2 MDVSA-2010:149 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_149.nasl |
2010-08-06 | Name : RedHat Update for freetype RHSA-2010:0607-02 File : nvt/gb_RHSA-2010_0607-02_freetype.nasl |
2010-08-02 | Name : RedHat Update for freetype RHSA-2010:0578-01 File : nvt/gb_RHSA-2010_0578-01_freetype.nasl |
2010-08-02 | Name : RedHat Update for freetype RHSA-2010:0577-01 File : nvt/gb_RHSA-2010_0577-01_freetype.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67306 | FreeType bdf/bdflib.c Crafted BDF Font File Handling DoS |
67305 | FreeType base/ftobjs.c Mac_Read_POST_Resource Function Crafted LWFN Font Hand... |
67304 | FreeType Bounds Checking Integer Data Type Crafted Font File DoS |
67303 | FreeType type42/t42parse.c t42_parse_sfnts Function Array Index Error FontTyp... |
67302 | FreeType base/ftstream.c FT_Stream_EnterFrame Function Crafted Font File Posi... |
67301 | FreeType ftmulti Demo Program ftmulti.c Crafted Font File Overflow |
67011 | FreeType2 Unspecified CFF Font Handling Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-05-24 | Foxit Reader CFF CharStrings buffer overflow attempt RuleID : 30771 - Revision : 2 - Type : FILE-PDF |
2014-05-24 | Foxit Reader CFF CharStrings buffer overflow attempt RuleID : 30770 - Revision : 2 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0622.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreetype6-100812.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0607.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0578.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0577.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101004_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100805_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100730_freetype_on_SL3.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100730_freetype_for_SL4.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-100812.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-100927.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17728.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17755.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0864.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15785.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15705.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-201.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-7121.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-7168.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12656.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2105.nasl - Type : ACT_GATHER_INFO |
2010-08-27 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12630.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_freetype2-100812.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_freetype2-100812.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-156.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-157.nasl - Type : ACT_GATHER_INFO |
2010-08-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-972-1.nasl - Type : ACT_GATHER_INFO |
2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0577.nasl - Type : ACT_GATHER_INFO |
2010-08-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-149.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0607.nasl - Type : ACT_GATHER_INFO |
2010-08-09 | Name : A PDF viewer installed on the remote host is affected by a remote code execut... File : foxit_reader_4_1_1_0805.nasl - Type : ACT_GATHER_INFO |
2010-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0607.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0578.nasl - Type : ACT_GATHER_INFO |
2010-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0578.nasl - Type : ACT_GATHER_INFO |
2010-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0577.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:29:39 |