LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2011-0226
Created:July 21, 2011 Updated:August 31, 2011
Description: From the CVE entry:

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

Alerts:
Fedora FEDORA-2011-9525 2011-07-22
Fedora FEDORA-2011-9542 2011-07-22
Debian DSA-2294-1 2011-08-14
SUSE SUSE-SU-2011:0853-1 2011-07-28
openSUSE openSUSE-SU-2011:0852-1 2011-07-28
Mandriva MDVSA-2011:120 2011-07-26
Ubuntu USN-1173-1 2011-07-25
Scientific Linux SL-free-20110721 2011-07-21
Red Hat RHSA-2011:1085-01 2011-07-21
Gentoo 201201-09 2012-01-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds