Vulnerabilities > CVE-2010-1797 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Exploit-Db
description Foxit Reader <= 4.0 pdf Jailbreak Exploit. CVE-2010-1797. Local exploit for hardware platform id EDB-ID:14727 last seen 2016-02-01 modified 2010-08-24 published 2010-08-24 reporter Jose Miguel Esparza source https://www.exploit-db.com/download/14727/ title Foxit Reader <= 4.0 pdf Jailbreak Exploit description Apple iOS pdf Jailbreak Exploit. CVE-2010-1797,CVE-2010-2972,CVE-2010-2973. Local exploit for ios platform file exploits/ios/local/14538.txt id EDB-ID:14538 last seen 2016-02-01 modified 2010-08-03 platform ios port published 2010-08-03 reporter jailbreakme source https://www.exploit-db.com/download/14538/ title Apple iOS pdf Jailbreak Exploit type local
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-972-1.NASL description It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48361 published 2010-08-18 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48361 title Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-972-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(48361); script_version("1.22"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-1797", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_bugtraq_id(42241, 42285, 60740); script_xref(name:"USN", value:"972-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/972-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected freetype2-demos, libfreetype6 and / or libfreetype6-dev packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(6\.06|8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"freetype2-demos", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6-dev", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"freetype2-demos", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6-dev", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"freetype2-demos", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6-dev", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"freetype2-demos", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6-dev", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"freetype2-demos", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6-dev", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2-demos / libfreetype6 / libfreetype6-dev"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0607.NASL description Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 48269 published 2010-08-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48269 title CentOS 3 / 4 / 5 : freetype (CESA-2010:0607) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0607 and # CentOS Errata and Security Advisory 2010:0607 respectively. # include("compat.inc"); if (description) { script_id(48269); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:05"); script_cve_id("CVE-2010-1797"); script_xref(name:"RHSA", value:"2010:0607"); script_name(english:"CentOS 3 / 4 / 5 : freetype (CESA-2010:0607)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016872.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3cae0a7" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016873.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0166864d" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016888.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?525a1a23" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016889.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a1ae3628" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016922.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b4dee148" ); # https://lists.centos.org/pipermail/centos-announce/2010-August/016923.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9032f78e" ); script_set_attribute( attribute:"solution", value:"Update the affected freetype packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freetype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freetype-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freetype-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:freetype-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"freetype-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"freetype-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"freetype-demos-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"freetype-demos-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"freetype-devel-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"freetype-devel-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"freetype-utils-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"freetype-utils-2.1.4-16.el3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"freetype-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"freetype-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"freetype-demos-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"freetype-demos-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"freetype-devel-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"freetype-devel-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"freetype-utils-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"freetype-utils-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"CentOS-5", reference:"freetype-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"CentOS-5", reference:"freetype-demos-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"CentOS-5", reference:"freetype-devel-2.2.1-26.el5_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype / freetype-demos / freetype-devel / freetype-utils"); }NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBFREETYPE6-100812.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts last seen 2020-06-01 modified 2020-06-02 plugin id 75578 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75578 title openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libfreetype6-2918. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75578); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_name(english:"openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)"); script_summary(english:"Check for the libfreetype6-2918 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=628213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=629447" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libfreetype6 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"libfreetype6-2.3.12-7.1.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libfreetype6-32bit-2.3.12-7.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-15705.NASL description - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don last seen 2020-06-01 modified 2020-06-02 plugin id 50026 published 2010-10-20 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50026 title Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-15705. # include("compat.inc"); if (description) { script_id(50026); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-1797", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2808", "CVE-2010-3311"); script_bugtraq_id(41663, 42241, 42285, 43700); script_xref(name:"FEDORA", value:"2010-15705"); script_name(english:"Fedora 13 : freetype-2.3.11-6.fc13 (2010-15705)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don't seek behind end of stream.) - Resolves: #638522 - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-5 - Add freetype-2.3.11-CVE-2010-1797.patch (Check stack after execution of operations too. Skip the evaluations of the values in decoder, if cff_decoder_parse_charstrings() returns any error.) - Resolves: #621627 - Fri Oct 1 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-4 - Add freetype-2.3.11-CVE-2010-2498.patch (Assure that `end_point' is not larger than `glyph->num_points') - Add freetype-2.3.11-CVE-2010-2499.patch (Check the buffer size during gathering PFB fragments) - Add freetype-2.3.11-CVE-2010-2500.patch (Use smaller threshold values for `width' and `height') - Add freetype-2.3.11-CVE-2010-2519.patch (Check `rlen' the length of fragment declared in the POST fragment header) - Add freetype-2.3.11-CVE-2010-2520.patch (Fix bounds check) - Add freetype-2.3.11-CVE-2010-2527.patch (Use precision for `%s' where appropriate to avoid buffer overflows) - Add freetype-2.3.11-CVE-2010-2541.patch (Avoid overflow when dealing with names of axes) - Resolves: #613299 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=613160" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=613162" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=613167" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=613194" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=613198" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=614557" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=617342" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=621144" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=621907" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=621980" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=623625" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=625626" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b04ead5" ); script_set_attribute( attribute:"solution", value:"Update the affected freetype package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:freetype"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"freetype-2.3.11-6.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype"); }NASL family Scientific Linux Local Security Checks NASL id SL_20100805_FREETYPE_ON_SL3_X.NASL description Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Note: CVE-2010-1797 only affects the FreeType 2 font engine. The X server must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60830 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60830 title Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60830); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:19"); script_cve_id("CVE-2010-1797"); script_name(english:"Scientific Linux Security Update : freetype on SL3.x, SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Note: CVE-2010-1797 only affects the FreeType 2 font engine. The X server must be restarted (log out, then log back in) for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1008&L=scientific-linux-errata&T=0&P=656 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?564229ec" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"freetype-2.1.4-16.el3")) flag++; if (rpm_check(release:"SL3", reference:"freetype-demos-2.1.4-16.el3")) flag++; if (rpm_check(release:"SL3", reference:"freetype-devel-2.1.4-16.el3")) flag++; if (rpm_check(release:"SL3", reference:"freetype-utils-2.1.4-16.el3")) flag++; if (rpm_check(release:"SL4", reference:"freetype-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"SL4", reference:"freetype-demos-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"SL4", reference:"freetype-devel-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"SL4", reference:"freetype-utils-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"SL5", reference:"freetype-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"SL5", reference:"freetype-demos-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"SL5", reference:"freetype-devel-2.2.1-26.el5_5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0607.NASL description From Red Hat Security Advisory 2010:0607 : Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68080 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68080 title Oracle Linux 3 / 4 / 5 : freetype (ELSA-2010-0607) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2010:0607 and # Oracle Linux Security Advisory ELSA-2010-0607 respectively. # include("compat.inc"); if (description) { script_id(68080); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2010-1797"); script_xref(name:"RHSA", value:"2010:0607"); script_name(english:"Oracle Linux 3 / 4 / 5 : freetype (ELSA-2010-0607)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2010:0607 : Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001583.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001584.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2010-August/001585.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freetype packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freetype"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freetype-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freetype-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:freetype-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4 / 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"freetype-2.1.4-16.el3")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"freetype-2.1.4-16.el3")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"freetype-devel-2.1.4-16.el3")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"freetype-devel-2.1.4-16.el3")) flag++; if (rpm_check(release:"EL4", reference:"freetype-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"EL4", reference:"freetype-demos-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"EL4", reference:"freetype-devel-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"EL4", reference:"freetype-utils-2.1.9-15.el4.8")) flag++; if (rpm_check(release:"EL5", reference:"freetype-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"EL5", reference:"freetype-demos-2.2.1-26.el5_5")) flag++; if (rpm_check(release:"EL5", reference:"freetype-devel-2.2.1-26.el5_5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype / freetype-demos / freetype-devel / freetype-utils"); }NASL family SuSE Local Security Checks NASL id SUSE_11_2_FREETYPE2-100812.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts last seen 2020-06-01 modified 2020-06-02 plugin id 48755 published 2010-08-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48755 title openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update freetype2-2913. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(48755); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_name(english:"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)"); script_summary(english:"Check for the freetype2-2913 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=628213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=629447" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freetype2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"freetype2-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"freetype2-devel-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-32bit-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-devel-32bit-2.3.9-2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-149.NASL description A vulnerability has been discovered and corrected in freetype2 : Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially crafted font file that, when opened, would cause an application linked against libfreetype to crash, or, possibly execute arbitrary code (CVE-2010-1797). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 48319 published 2010-08-13 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48319 title Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:149) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0622.NASL description Updated rhev-hypervisor packages that fix multiple security issues and two bugs are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system last seen 2020-06-01 modified 2020-06-02 plugin id 79276 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79276 title RHEL 5 : rhev-hypervisor (RHSA-2010:0622) NASL family Fedora Local Security Checks NASL id FEDORA_2010-17728.NASL description - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7 - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt last seen 2020-06-01 modified 2020-06-02 plugin id 50670 published 2010-11-22 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50670 title Fedora 13 : freetype-2.3.11-7.fc13 (2010-17728) NASL family Windows NASL id FOXIT_READER_4_1_1_0805.NASL description The version of Foxit Reader installed on the remote Windows host is prior to 4.1.1.0805. It is, therefore, affected by a remote code execution vulnerability in the FreeType engine due to multiple stack-based buffer overflow conditions in the CFF Type2 CharStrings interpreter, specifically within the function cff_decoder_parse_charstrings(). An attacker can exploit this, via crafted CFF opcodes in embedded fonts in a PDF document, to cause a denial of service or to execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 48276 published 2010-08-09 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48276 title Foxit Reader < 4.1.1.0805 FreeType CFF Opcodes RCE NASL family SuSE Local Security Checks NASL id SUSE_11_FREETYPE2-100812.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808) last seen 2020-06-01 modified 2020-06-02 plugin id 50905 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50905 title SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-201.NASL description A vulnerability was discovered and corrected in freetype2 : Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797 (CVE-2010-3311). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49971 published 2010-10-14 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49971 title Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:201) NASL family Fedora Local Security Checks NASL id FEDORA_2010-15785.NASL description - Mon Oct 4 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-6 - Add freetype-2.3.11-CVE-2010-2805.patch (Fix comparison.) - Add freetype-2.3.11-CVE-2010-2806.patch (Protect against negative string_size. Fix comparison.) - Add freetype-2.3.11-CVE-2010-2808.patch (Check the total length of collected POST segments.) - Add freetype-2.3.11-CVE-2010-3311.patch (Don last seen 2020-06-01 modified 2020-06-02 plugin id 50437 published 2010-11-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50437 title Fedora 12 : freetype-2.3.11-6.fc12 (2010-15785) NASL family SuSE Local Security Checks NASL id SUSE9_12630.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808) last seen 2020-06-01 modified 2020-06-02 plugin id 48900 published 2010-08-27 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48900 title SuSE9 Security Update : freetype2 (YOU Patch Number 12630) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0607.NASL description Updated freetype packages that fix two security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4 provide both the FreeType 1 and FreeType 2 font engines. The freetype packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine. Two stack overflow flaws were found in the way the FreeType font engine processed certain Compact Font Format (CFF) character strings (opcodes). If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1797) Red Hat would like to thank Braden Thomas of the Apple Product Security team for reporting these issues. Note: CVE-2010-1797 only affects the FreeType 2 font engine. Users are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. The X server must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 48258 published 2010-08-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48258 title RHEL 3 / 4 / 5 : freetype (RHSA-2010:0607) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2105.NASL description Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. - CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. - CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file - CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. - CVE-2010-2807 FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. - CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. - CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. last seen 2020-06-01 modified 2020-06-02 plugin id 49150 published 2010-09-09 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/49150 title Debian DSA-2105-1 : freetype - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2010-17755.NASL description - Mon Nov 15 2010 Marek Kasik <mkasik at redhat.com> 2.3.11-7 - Add freetype-2.3.11-CVE-2010-3855.patch (Protect against invalid `runcnt last seen 2020-06-01 modified 2020-06-02 plugin id 50672 published 2010-11-22 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/50672 title Fedora 12 : freetype-2.3.11-7.fc12 (2010-17755) NASL family SuSE Local Security Checks NASL id SUSE_FREETYPE2-7121.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808) last seen 2020-06-01 modified 2020-06-02 plugin id 49854 published 2010-10-11 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49854 title SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121) NASL family SuSE Local Security Checks NASL id SUSE_11_1_FREETYPE2-100812.NASL description This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts last seen 2020-06-01 modified 2020-06-02 plugin id 48753 published 2010-08-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48753 title openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201201-09.NASL description The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 57651 published 2012-01-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57651 title GLSA-201201-09 : FreeType: Multiple vulnerabilities
Packetstorm
| data source | https://packetstormsecurity.com/files/download/93045/foxitreader-jailbreak.txt |
| id | PACKETSTORM:93045 |
| last seen | 2016-12-05 |
| published | 2010-08-26 |
| reporter | Jose Miguel Esparza |
| source | https://packetstormsecurity.com/files/93045/Foxit-Reader-4.0-PDF-Jailbreak.html |
| title | Foxit Reader 4.0 PDF Jailbreak |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
bulletinFamily exploit description No description provided by source. id SSV:69655 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-69655 title Foxit Reader <= 4.0 pdf Jailbreak Exploit bulletinFamily exploit description No description provided by source. id SSV:20066 last seen 2017-11-19 modified 2010-08-25 published 2010-08-25 reporter Root source https://www.seebug.org/vuldb/ssvid-20066 title Foxit Reader <= 4.0 pdf Jailbreak Exploit
References
- http://support.apple.com/kb/HT4292
- http://osvdb.org/66828
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
- http://www.exploit-db.com/exploits/14538
- http://secunia.com/advisories/40807
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
- http://support.apple.com/kb/HT4291
- http://www.securityfocus.com/bid/42151
- http://www.ubuntu.com/usn/USN-972-1
- https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019
- http://www.vupen.com/english/advisories/2010/2106
- http://www.vupen.com/english/advisories/2010/2018
- http://www.f-secure.com/weblog/archives/00002002.html
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50
- http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2
- https://bugzilla.redhat.com/show_bug.cgi?id=621144
- http://secunia.com/advisories/40816
- http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc
- http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
- http://secunia.com/advisories/40982
- http://secunia.com/advisories/48951
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60856