9.3 - USN-1173-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	FreeType vulnerability

Informations
Name	USN-1173-1	First vendor Publication	2011-07-25
Vendor	Ubuntu	Last vendor Modification	2011-07-25
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04 - Ubuntu 10.10

Summary:

FreeType could be made to run programs as your login if it opened a specially crafted font file.

Software Description: - freetype: FreeType 2 is a font engine library

Details:

It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
libfreetype6 2.4.4-1ubuntu2.1

Ubuntu 10.10:
libfreetype6 2.4.2-2ubuntu0.2

After a standard system update you need to restart your session to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1173-1
CVE-2011-0226

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.1
https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.2

Original Source

Url : http://www.ubuntu.com/usn/USN-1173-1

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13897

Oval ID:	oval:org.mitre.oval:def:13897
Title:	USN-1173-1 -- freetype vulnerability
Description:	freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file.
Family:	unix	Class:	patch
Reference(s):	USN-1173-1 CVE-2011-0226	Version:	5
Platform(s):	Ubuntu 11.04 Ubuntu 10.10	Product(s):	freetype
Definition Synopsis:
Release section Ubuntu 11.04 is installed AND Installed architecture is all AND libfreetype6 DPKG is earlier than 2.4.4-1ubuntu2.1 OR Release section Ubuntu 10.10 is installed AND Installed architecture is all AND libfreetype6 DPKG is earlier than 2.4.2-2ubuntu0.2

Definition Id: oval:org.mitre.oval:def:15136

Oval ID:	oval:org.mitre.oval:def:15136
Title:	DSA-2294-1 freetype -- missing input sanisiting
Description:	It was discovered that insufficient input saniting in Freetype's code to parse Type1 could lead to the execution of arbitrary code.
Family:	unix	Class:	patch
Reference(s):	DSA-2294-1 CVE-2011-0226	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0	Product(s):	freetype
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND freetype DPKG is earlier than 2.3.7-2+lenny6 OR Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed AND Debian GNU/kFreeBSD is installed AND Installed architecture is all AND freetype DPKG is earlier than 2.4.2-2.1+squeeze1

Definition Id: oval:org.mitre.oval:def:21160

Oval ID:	oval:org.mitre.oval:def:21160
Title:	RHSA-2011:1085: freetype security update (Important)
Description:	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family:	unix	Class:	patch
Reference(s):	RHSA-2011:1085-01 CVE-2011-0226	Version:	4
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	freetype
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section freetype-demos is earlier than 0:2.3.11-6.el6_1.6 AND freetype is earlier than 0:2.3.11-6.el6_1.6 AND freetype-devel is earlier than 0:2.3.11-6.el6_1.6

Definition Id: oval:org.mitre.oval:def:23655

Oval ID:	oval:org.mitre.oval:def:23655
Title:	ELSA-2011:1085: freetype security update (Important)
Description:	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Family:	unix	Class:	patch
Reference(s):	ELSA-2011:1085-01 CVE-2011-0226	Version:	6
Platform(s):	Oracle Linux 6	Product(s):	freetype
Definition Synopsis:
Oracle Linux 6.x rpm test freetype-demos is earlier than 0:2.3.11-6.el6_1.6 AND freetype is earlier than 0:2.3.11-6.el6_1.6 AND freetype-devel is earlier than 0:2.3.11-6.el6_1.6

Definition Id: oval:org.mitre.oval:def:27706

Oval ID:	oval:org.mitre.oval:def:27706
Title:	DEPRECATED: ELSA-2011-1085 -- freetype security update (important)
Description:	[2.3.11-6.el6_1.6] - A little change in configure part - Resolves: #723467 [2.3.11-6.el6_1.5] - Use -fno-strict-aliasing instead of __attribute__((__may_alias__)) - Resolves: #723467 [2.3.11-6.el6_1.4] - Allow FT_Glyph to alias (to pass Rpmdiff) - Resolves: #723467 [2.3.11-6.el6_1.3] - Add freetype-2.3.11-CVE-2011-0226.patch (Add better argument check for 'callothersubr'.) - based on patches by Werner Lemberg, Alexei Podtelezhnikov and Matthias Drochner - Resolves: #723467
Family:	unix	Class:	patch
Reference(s):	ELSA-2011-1085 CVE-2011-0226	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	freetype
Definition Synopsis:
Oracle Linux 6.x Packages match section freetype is earlier than 0:2.3.11-6.el6_1.6 AND freetype-demos is earlier than 0:2.3.11-6.el6_1.6 AND freetype-devel is earlier than 0:2.3.11-6.el6_1.6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Freetype cpe:2.3:a:freetype:freetype:2.4.5:::::::* cpe:2.3:a:freetype:freetype:2.4.4:::::::* cpe:2.3:a:freetype:freetype:2.4.3:::::::* cpe:2.3:a:freetype:freetype:2.4.2:::::::* cpe:2.3:a:freetype:freetype:2.4.1:::::::* cpe:2.3:a:freetype:freetype:2.4.0:::::::* cpe:2.3:a:freetype:freetype:2.3.9:::::::* cpe:2.3:a:freetype:freetype:2.3.8:::::::* cpe:2.3:a:freetype:freetype:2.3.7:::::::* cpe:2.3:a:freetype:freetype:2.3.6:::::::* cpe:2.3:a:freetype:freetype:2.3.5:::::::* cpe:2.3:a:freetype:freetype:2.3.4:::::::* cpe:2.3:a:freetype:freetype:2.3.3:::::::* cpe:2.3:a:freetype:freetype:2.3.2:::::::* cpe:2.3:a:freetype:freetype:2.3.12:::::::* cpe:2.3:a:freetype:freetype:2.3.11:::::::* cpe:2.3:a:freetype:freetype:2.3.10:::::::* cpe:2.3:a:freetype:freetype:2.3.1:::::::* cpe:2.3:a:freetype:freetype:2.3.0:-:::::: cpe:2.3:a:freetype:freetype:2.2.10:::::::* cpe:2.3:a:freetype:freetype:2.2.1:::::::* cpe:2.3:a:freetype:freetype:2.2.0:-:::::: cpe:2.3:a:freetype:freetype:2.2.0:::::::* cpe:2.3:a:freetype:freetype:2.1.9:::::::* cpe:2.3:a:freetype:freetype:2.1.8:-:::::: cpe:2.3:a:freetype:freetype:2.1.8:rc1:::::: cpe:2.3:a:freetype:freetype:2.1.7:::::::* cpe:2.3:a:freetype:freetype:2.1.6:::::::* cpe:2.3:a:freetype:freetype:2.1.5:-:::::: cpe:2.3:a:freetype:freetype:2.1.4:-:::::: cpe:2.3:a:freetype:freetype:2.1.3:::::::* cpe:2.3:a:freetype:freetype:2.1.10:::::::* cpe:2.3:a:freetype:freetype:2.1:::::::* cpe:2.3:a:freetype:freetype:2.0.9:::::::* cpe:2.3:a:freetype:freetype:2.0.8:::::::* cpe:2.3:a:freetype:freetype:2.0.7:::::::* cpe:2.3:a:freetype:freetype:2.0.6:::::::* cpe:2.3:a:freetype:freetype:2.0.5:::::::* cpe:2.3:a:freetype:freetype:2.0.4:::::::* cpe:2.3:a:freetype:freetype:2.0.3:::::::* cpe:2.3:a:freetype:freetype:2.0.2:::::::* cpe:2.3:a:freetype:freetype:2.0.1:::::::* cpe:2.3:a:freetype:freetype:2.0.0:-:::::: cpe:2.3:a:freetype:freetype:2.0.0:::::::* cpe:2.3:a:freetype:freetype:1.3.1:::::::* cpe:2.3:a:freetype:freetype::::::::	46
Os	Apple Iphone Os cpe:2.3:o:apple:iphone_os:4.3.3:::::::* cpe:2.3:o:apple:iphone_os:4.3.2:::::::* cpe:2.3:o:apple:iphone_os:4.3.1:::::::* cpe:2.3:o:apple:iphone_os:4.3.0:::::::* cpe:2.3:o:apple:iphone_os:4.2.8:::::::* cpe:2.3:o:apple:iphone_os:4.2.7:::::::* cpe:2.3:o:apple:iphone_os:4.2.6:::::::* cpe:2.3:o:apple:iphone_os:4.2.5:::::::* cpe:2.3:o:apple:iphone_os:4.2.1:::::::* cpe:2.3:o:apple:iphone_os:4.2:::::::* cpe:2.3:o:apple:iphone_os:4.1:::::::* cpe:2.3:o:apple:iphone_os:4.0.2:::::::* cpe:2.3:o:apple:iphone_os:4.0.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:4.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:4.0.1:::::::* cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:4.0:::::::* cpe:2.3:o:apple:iphone_os:4.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.2.2:::::::* cpe:2.3:o:apple:iphone_os:3.2.2:-:ipad:::::* cpe:2.3:o:apple:iphone_os:3.2.1:::::::* cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:::::* cpe:2.3:o:apple:iphone_os:3.2:::::::* cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.1.3:::::::* cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.1.3:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.1.2:::::::* cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.1.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.1.1:::::ipod_touch:: cpe:2.3:o:apple:iphone_os:3.1:::::::* cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.1:::::ipod_touch:: cpe:2.3:o:apple:iphone_os:3.0.1:::::::* cpe:2.3:o:apple:iphone_os:3.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.0.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:3.0:::::::* cpe:2.3:o:apple:iphone_os:3.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:3.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.2.1:::::::* cpe:2.3:o:apple:iphone_os:2.2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.2:::::::* cpe:2.3:o:apple:iphone_os:2.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.1.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:::::::* cpe:2.3:o:apple:iphone_os:2.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:::::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:::::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:::::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:2.0.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:2.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:::::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.5:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:::::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.4:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:::::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.3:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:::::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.1:::::::* cpe:2.3:o:apple:iphone_os:1.1.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1.0:::::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:ipodtouch:::::* cpe:2.3:o:apple:iphone_os:1.1.0:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:::::::* cpe:2.3:o:apple:iphone_os:1.0.2:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.1:::::::* cpe:2.3:o:apple:iphone_os:1.0.1:-:iphone:::::* cpe:2.3:o:apple:iphone_os:1.0.0:::::::* cpe:2.3:o:apple:iphone_os:1.0:::::::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:iphone_os:::~~~~ipad2~:::::* cpe:2.3:o:apple:iphone_os:::~~~~iphone~:::::* cpe:2.3:o:apple:iphone_os:::~~~~ipodtouch~:::::* cpe:2.3:o:apple:iphone_os::::::ipod_touch::* cpe:2.3:o:apple:iphone_os:::::::ipad2:* cpe:2.3:o:apple:iphone_os:::::::iphone:* cpe:2.3:o:apple:iphone_os:::::::ipodtouch:* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:apple:iphone_os:-::~~~~ipad2~::::: cpe:2.3:o:apple:iphone_os:-::~~~~iphone~::::: cpe:2.3:o:apple:iphone_os:-::~~~~ipodtouch~::::: cpe:2.3:o:apple:iphone_os:-::::::ipad2: cpe:2.3:o:apple:iphone_os:-::::::iphone: cpe:2.3:o:apple:iphone_os:-::::::ipodtouch:	103

OpenVAS Exploits

Date	Description
2012-06-06	Name : RedHat Update for freetype RHSA-2011:1085-01 File : nvt/gb_RHSA-2011_1085-01_freetype.nasl
2012-04-26	Name : Fedora Update for freetype FEDORA-2012-5422 File : nvt/gb_fedora_2012_5422_freetype_fc15.nasl
2012-02-12	Name : Gentoo Security Advisory GLSA 201201-09 (FreeType) File : nvt/glsa_201201_09.nasl
2011-12-05	Name : Fedora Update for freetype FEDORA-2011-15964 File : nvt/gb_fedora_2011_15964_freetype_fc15.nasl
2011-12-02	Name : Fedora Update for freetype FEDORA-2011-15956 File : nvt/gb_fedora_2011_15956_freetype_fc14.nasl
2011-11-11	Name : Fedora Update for freetype FEDORA-2011-14749 File : nvt/gb_fedora_2011_14749_freetype_fc15.nasl
2011-10-20	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-006) File : nvt/gb_macosx_su11-006.nasl
2011-09-21	Name : Debian Security Advisory DSA 2294-1 (freetype) File : nvt/deb_2294_1.nasl
2011-09-21	Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype23.nasl
2011-09-07	Name : Fedora Update for freetype FEDORA-2011-9525 File : nvt/gb_fedora_2011_9525_freetype_fc14.nasl
2011-08-02	Name : Mandriva Update for freetype2 MDVSA-2011:120 (freetype2) File : nvt/gb_mandriva_MDVSA_2011_120.nasl
2011-07-27	Name : Ubuntu Update for freetype USN-1173-1 File : nvt/gb_ubuntu_USN_1173_1.nasl
0000-00-00	Name : FreeBSD Ports: freetype2 File : nvt/freebsd_freetype24.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
73661	FreeType t1_decoder_parse_charstrings() Function PostScript Type1 Font Handli... A memory corruption flaw exists in FreeType. The t1_decoder_parse_charstrings() Function fails to sanitize user-supplied input when handling PostScript Type1 fonts, resulting in memory corruption. With a specially crafted PostScript Type1 font, a context-dependent attacker can execute arbitrary code.

Snort® IPS/IDS

Date	Description
2017-08-23	FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43677 - Revision : 2 - Type : FILE-PDF
2017-08-23	FreeType PostScript Type1 font parsing memory corruption attempt RuleID : 43676 - Revision : 2 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date	Description
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libfxt_20141107.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_4_freetype2-110722.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-08.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1085.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110721_freetype_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-01-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-09.nasl - Type : ACT_GATHER_INFO
2011-10-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_2.nasl - Type : ACT_GATHER_INFO
2011-08-31	Name : The remote Fedora host is missing a security update. File : fedora_2011-9525.nasl - Type : ACT_GATHER_INFO
2011-08-17	Name : The remote Fedora host is missing a security update. File : fedora_2011-9542.nasl - Type : ACT_GATHER_INFO
2011-08-16	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2294.nasl - Type : ACT_GATHER_INFO
2011-08-12	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5d374b01c3ee11e08aa5485d60cb5385.nasl - Type : ACT_GATHER_INFO
2011-07-28	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_freetype2-110726.nasl - Type : ACT_GATHER_INFO
2011-07-27	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-120.nasl - Type : ACT_GATHER_INFO
2011-07-26	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1173-1.nasl - Type : ACT_GATHER_INFO
2011-07-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1085.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:58:48	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	5
CPE ID(s)	149
osvdb(s)	1
Openvas Exploit(s)	13
Snort® Rule(s)	2
Nessus® Exploit(s)	16

	Related
9.3	CVE-2011-0226
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)