Executive Summary
Summary | |
---|---|
Title | FreeType vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1013-1 | First vendor Publication | 2010-11-04 |
Vendor | Ubuntu | Last vendor Modification | 2010-11-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: After a standard system update you need to restart your session to make all the necessary changes. Details follow: Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3311) Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. (CVE-2010-3814) It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. (CVE-2010-3855) |
Original Source
Url : http://www.ubuntu.com/usn/USN-1013-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12409 | |||
Oval ID: | oval:org.mitre.oval:def:12409 | ||
Title: | DSA-2155-1 freetype -- several | ||
Description: | Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2155-1 CVE-2010-3814 CVE-2010-3855 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | freetype |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13123 | |||
Oval ID: | oval:org.mitre.oval:def:13123 | ||
Title: | USN-1013-1 -- freetype vulnerabilities | ||
Description: | Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1013-1 CVE-2010-3311 CVE-2010-3814 CVE-2010-3855 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22238 | |||
Oval ID: | oval:org.mitre.oval:def:22238 | ||
Title: | RHSA-2010:0864: freetype security update (Important) | ||
Description: | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0864-02 CVE-2010-2805 CVE-2010-2806 CVE-2010-2808 CVE-2010-3311 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22278 | |||
Oval ID: | oval:org.mitre.oval:def:22278 | ||
Title: | RHSA-2010:0889: freetype security update (Important) | ||
Description: | Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0889-01 CESA-2010:0889 CVE-2010-3855 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22379 | |||
Oval ID: | oval:org.mitre.oval:def:22379 | ||
Title: | RHSA-2010:0737: freetype security update (Important) | ||
Description: | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0737-01 CESA-2010:0737 CVE-2010-2806 CVE-2010-2808 CVE-2010-3054 CVE-2010-3311 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23017 | |||
Oval ID: | oval:org.mitre.oval:def:23017 | ||
Title: | ELSA-2010:0737: freetype security update (Important) | ||
Description: | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0737-01 CVE-2010-2806 CVE-2010-2808 CVE-2010-3054 CVE-2010-3311 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | freetype |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23180 | |||
Oval ID: | oval:org.mitre.oval:def:23180 | ||
Title: | DEPRECATED: ELSA-2010:0889: freetype security update (Important) | ||
Description: | Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0889-01 CVE-2010-3855 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23494 | |||
Oval ID: | oval:org.mitre.oval:def:23494 | ||
Title: | ELSA-2010:0864: freetype security update (Important) | ||
Description: | Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0864-02 CVE-2010-2805 CVE-2010-2806 CVE-2010-2808 CVE-2010-3311 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23556 | |||
Oval ID: | oval:org.mitre.oval:def:23556 | ||
Title: | ELSA-2010:0889: freetype security update (Important) | ||
Description: | Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0889-01 CVE-2010-3855 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | freetype |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-09 (FreeType) File : nvt/glsa_201201_09.nasl |
2011-12-02 | Name : Fedora Update for freetype FEDORA-2011-15956 File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl |
2011-09-07 | Name : Fedora Update for freetype FEDORA-2011-9525 File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl |
2011-08-26 | Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001) File : nvt/secpod_macosx_su11-001.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2010:0737 centos5 i386 File : nvt/gb_CESA-2010_0737_freetype_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for freetype CESA-2010:0889 centos5 i386 File : nvt/gb_CESA-2010_0889_freetype_centos5_i386.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2155-1 (freetype) File : nvt/deb_2155_1.nasl |
2010-12-02 | Name : Fedora Update for freetype FEDORA-2010-15878 File : nvt/gb_fedora_2010_15878_freetype_fc14.nasl |
2010-12-02 | Name : Fedora Update for freetype FEDORA-2010-17742 File : nvt/gb_fedora_2010_17742_freetype_fc14.nasl |
2010-11-23 | Name : RedHat Update for freetype RHSA-2010:0889-01 File : nvt/gb_RHSA-2010_0889-01_freetype.nasl |
2010-11-23 | Name : Fedora Update for freetype FEDORA-2010-17728 File : nvt/gb_fedora_2010_17728_freetype_fc13.nasl |
2010-11-23 | Name : Fedora Update for freetype FEDORA-2010-17755 File : nvt/gb_fedora_2010_17755_freetype_fc12.nasl |
2010-11-23 | Name : CentOS Update for freetype CESA-2010:0889 centos4 i386 File : nvt/gb_CESA-2010_0889_freetype_centos4_i386.nasl |
2010-11-23 | Name : Mandriva Update for freetype2 MDVSA-2010:236 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_236.nasl |
2010-11-16 | Name : Fedora Update for freetype FEDORA-2010-15785 File : nvt/gb_fedora_2010_15785_freetype_fc12.nasl |
2010-11-16 | Name : Ubuntu Update for freetype vulnerabilities USN-1013-1 File : nvt/gb_ubuntu_USN_1013_1.nasl |
2010-10-22 | Name : Fedora Update for freetype FEDORA-2010-15705 File : nvt/gb_fedora_2010_15705_freetype_fc13.nasl |
2010-10-19 | Name : RedHat Update for freetype RHSA-2010:0737-01 File : nvt/gb_RHSA-2010_0737-01_freetype.nasl |
2010-10-19 | Name : RedHat Update for freetype RHSA-2010:0736-01 File : nvt/gb_RHSA-2010_0736-01_freetype.nasl |
2010-10-19 | Name : Mandriva Update for freetype2 MDVSA-2010:201 (freetype2) File : nvt/gb_mandriva_MDVSA_2010_201.nasl |
2010-10-19 | Name : CentOS Update for freetype CESA-2010:0737 centos4 i386 File : nvt/gb_CESA-2010_0737_freetype_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for freetype CESA-2010:0736 centos3 i386 File : nvt/gb_CESA-2010_0736_freetype_centos3_i386.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70334 | FreeType libXft base/ftstream.c CFF File Handling Overflow FreeType is prone to an overflow condition. 'base/ftstream.c' in libXft fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted CFF font file, a context-dependent attacker can potentially cause a further heap-based buffer overflow, allowing them to execute arbitrary code. |
69513 | FreeType ttinterp.c Ins_SHZ Function Crafted SHZ Bytecode Overflow FreeType is prone to an overflow condition. The 'Ins_SHZ' function in 'ttinterp.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted SHZ bytecode instruction, such as in a PDF document with a specially crafted font, a context-dependent attacker can potentially execute arbitrary code. |
68704 | FreeType src/truetype/ttgxvar.c ft_var_readpackedpoints() Function TrueType G... FreeType is prone to an overflow condition. The 'ft_var_readpackedpoints()' function in 'truetype/ttgxvar.c' fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted TrueType GX font, a context-dependent attacker can potentially execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_freetype2-110303.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0889.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101004_freetype_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101116_freetype_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-7399.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_freetype2-110303.nasl - Type : ACT_GATHER_INFO |
2011-04-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-7366.nasl - Type : ACT_GATHER_INFO |
2011-04-07 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-110304.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO |
2011-03-22 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO |
2011-02-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2155.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-100927.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0889.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17755.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17728.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0864.nasl - Type : ACT_GATHER_INFO |
2010-11-17 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17742.nasl - Type : ACT_GATHER_INFO |
2010-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0889.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-236.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1013-1.nasl - Type : ACT_GATHER_INFO |
2010-11-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15785.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15705.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2010-10-15 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_freetype2-101013.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-201.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15878.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12656.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_freetype2-7168.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0736.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2116.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0737.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:58:03 |
|