Vulnerabilities > CVE-2010-2807 - Incorrect Conversion Between Numeric Types vulnerability in multiple products

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

nessus

NVD

Published: 2010-08-19

Updated: 2021-04-06

Summary

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Vulnerable Configurations

Part	Description	Count
Application	Freetype Freetype Freetype 1.3.1 Freetype Freetype 2.0 Freetype Freetype 2.0.0 Freetype Freetype 2.0.1 Freetype Freetype 2.0.2 Freetype Freetype 2.0.3 Freetype Freetype 2.0.4 Freetype Freetype 2.0.5 Freetype Freetype 2.0.6 Freetype Freetype 2.0.7 Freetype Freetype 2.0.8 Freetype Freetype 2.0.9 Freetype Freetype 2.1 Freetype Freetype 2.1.0 Freetype Freetype 2.1.1 Freetype Freetype 2.1.2 Freetype Freetype 2.1.3 Freetype Freetype 2.1.4 Freetype Freetype 2.1.5 Freetype Freetype 2.1.6 Freetype Freetype 2.1.7 Freetype Freetype 2.1.8 Freetype Freetype 2.1.8_Rc1 Freetype Freetype 2.1.9 Freetype Freetype 2.1.10 Freetype Freetype 2.2 Freetype Freetype 2.2.0 Freetype Freetype 2.2.1 Freetype Freetype 2.3.0 Freetype Freetype 2.3.1 Freetype Freetype 2.3.2 Freetype Freetype 2.3.3 Freetype Freetype 2.3.4 Freetype Freetype 2.3.5 Freetype Freetype 2.3.6 Freetype Freetype 2.3.7 Freetype Freetype 2.3.8 Freetype Freetype 2.3.9 Freetype Freetype 2.3.10 Freetype Freetype 2.3.11 Freetype Freetype 2.3.12 Freetype Freetype 2.4.0 Freetype Freetype 2.4.1	67
OS	Canonical Canonical Ubuntu Linux 6.06 Canonical Ubuntu Linux 8.04 Canonical Ubuntu Linux 9.04 Canonical Ubuntu Linux 9.10 Canonical Ubuntu Linux 10.04	5
OS	Apple Apple Iphone OS 1.0.0 Apple Iphone OS 1.0.1 Apple Iphone OS 1.0.2 Apple Iphone OS 1.1.0 Apple Iphone OS 1.1.1 Apple Iphone OS 1.1.2 Apple Iphone OS 1.1.3 Apple Iphone OS 1.1.4 Apple Iphone OS 1.1.5 Apple Iphone OS 2.0 Apple Iphone OS 2.0.0 Apple Iphone OS 2.0.1 Apple Iphone OS 2.0.2 Apple Iphone OS 2.1 Apple Iphone OS 2.1.1 Apple Iphone OS 2.2 Apple Iphone OS 2.2.1 Apple Iphone OS 3.0 Apple Iphone OS 3.0.1 Apple Iphone OS 3.1 Apple Iphone OS 3.1.1 Apple Iphone OS 3.1.2 Apple Iphone OS 3.1.3 Apple Iphone OS 3.2 Apple Iphone OS 3.2.1 Apple Iphone OS 3.2.2 Apple Iphone OS 4.0 Apple Iphone OS 4.0.1 Apple Iphone OS 4.0.2 Apple Iphone OS 4.1 Apple MAC OS X - Apple MAC OS X 10.0 Apple MAC OS X 10.0.0 Apple MAC OS X 10.0.1 Apple MAC OS X 10.0.2 Apple MAC OS X 10.0.3 Apple MAC OS X 10.0.4 Apple MAC OS X 10.1 Apple MAC OS X 10.1.0 Apple MAC OS X 10.1.1 Apple MAC OS X 10.1.2 Apple MAC OS X 10.1.3 Apple MAC OS X 10.1.4 Apple MAC OS X 10.1.5 Apple MAC OS X 10.2 Apple MAC OS X 10.2.0 Apple MAC OS X 10.2.1 Apple MAC OS X 10.2.2 Apple MAC OS X 10.2.3 Apple MAC OS X 10.2.4 Apple MAC OS X 10.2.5 Apple MAC OS X 10.2.6 Apple MAC OS X 10.2.7 Apple MAC OS X 10.2.8 Apple MAC OS X 10.3 Apple MAC OS X 10.3.0 Apple MAC OS X 10.3.1 Apple MAC OS X 10.3.2 Apple MAC OS X 10.3.3 Apple MAC OS X 10.3.4 Apple MAC OS X 10.3.5 Apple MAC OS X 10.3.6 Apple MAC OS X 10.3.7 Apple MAC OS X 10.3.8 Apple MAC OS X 10.3.9 Apple MAC OS X 10.4 Apple MAC OS X 10.4.0 Apple MAC OS X 10.4.1 Apple MAC OS X 10.4.2 Apple MAC OS X 10.4.3 Apple MAC OS X 10.4.4 Apple MAC OS X 10.4.5 Apple MAC OS X 10.4.6 Apple MAC OS X 10.4.7 Apple MAC OS X 10.4.8 Apple MAC OS X 10.4.9 Apple MAC OS X 10.4.10 Apple MAC OS X 10.4.11 Apple MAC OS X 10.5 Apple MAC OS X 10.5.0 Apple MAC OS X 10.5.1 Apple MAC OS X 10.5.2 Apple MAC OS X 10.5.3 Apple MAC OS X 10.5.4 Apple MAC OS X 10.5.5 Apple MAC OS X 10.5.6 Apple MAC OS X 10.5.7 Apple MAC OS X 10.5.8 Apple MAC OS X 10.6.0 Apple MAC OS X 10.6.1 Apple MAC OS X 10.6.2 Apple MAC OS X 10.6.3 Apple MAC OS X 10.6.4 Apple Tvos 1.0.0 Apple Tvos 1.1.0 Apple Tvos 2.0.0 Apple Tvos 2.0.1 Apple Tvos 2.0.2 Apple Tvos 2.1.0 Apple Tvos 2.2.0 Apple Tvos 2.3.0 Apple Tvos 2.3.1 Apple Tvos 2.4.0 Apple Tvos 3.0.0 Apple Tvos 3.0.1 Apple Tvos 3.0.2	151

Common Weakness Enumeration (CWE)

CWE-681 - Incorrect Conversion between Numeric Types

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2010-007.NASL
description	The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11
last seen	2020-06-01
modified	2020-06-02
plugin id	50549
published	2010-11-10
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50549
title	Mac OS X Multiple Vulnerabilities (Security Update 2010-007)
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(50549); script_version("1.48"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2008-4546", "CVE-2009-0796", "CVE-2009-0946", "CVE-2009-2624", "CVE-2009-3793", "CVE-2009-4134", "CVE-2010-0105", "CVE-2010-0205", "CVE-2010-0209", "CVE-2010-0397", "CVE-2010-1205", "CVE-2010-1297", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1752", "CVE-2010-1811", "CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2010-1831", "CVE-2010-1832", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-1838", "CVE-2010-1840", "CVE-2010-1841", "CVE-2010-1845", "CVE-2010-1846", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216", "CVE-2010-2249", "CVE-2010-2484", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2531", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2884", "CVE-2010-2941", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3636", "CVE-2010-3638", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3783", "CVE-2010-3784", "CVE-2010-3785", "CVE-2010-3796", "CVE-2010-3797", "CVE-2010-3976", "CVE-2010-4010" ); script_bugtraq_id( 31537, 34383, 34550, 38478, 39658, 40361, 40363, 40365, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 41049, 41174, 42285, 42621, 42624, 44504, 44530, 44671, 44729, 44800, 44802, 44804, 44806, 44807, 44808, 44812, 44814, 44815, 44816, 44817, 44819, 44822, 44829, 44832, 44833, 44835, 99999 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)"); script_summary(english:"Check for the presence of Security Update 2010-007"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache mod_perl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - ImageIO - Image RAW - MySQL - Password Server - PHP - Printing - python - QuickLook - Safari RSS - Wiki Server - X11" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4435" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2010-007 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(0, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(0, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^9\.[0-8]\.", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2010\.00[7-9]\|201[1-9]\.[0-9]+)(\.leopard)?\.bom", string:packages)) exit(0, "The host has Security Update 2010-007 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-972-1.NASL
description	It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	48361
published	2010-08-18
reporter	Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48361
title	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-972-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(48361); script_version("1.22"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-1797", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_bugtraq_id(42241, 42285, 60740); script_xref(name:"USN", value:"972-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : freetype vulnerabilities (USN-972-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/972-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected freetype2-demos, libfreetype6 and / or libfreetype6-dev packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:freetype2-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfreetype6-dev"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/16"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(6\.06\|8\.04\|9\.04\|9\.10\|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"freetype2-demos", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libfreetype6-dev", pkgver:"2.1.10-1ubuntu2.8")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"freetype2-demos", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libfreetype6-dev", pkgver:"2.3.5-1ubuntu4.8.04.4")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"freetype2-demos", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libfreetype6-dev", pkgver:"2.3.9-4ubuntu0.3")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"freetype2-demos", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"libfreetype6-dev", pkgver:"2.3.9-5ubuntu0.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"freetype2-demos", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libfreetype6-dev", pkgver:"2.3.11-1ubuntu2.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2-demos / libfreetype6 / libfreetype6-dev"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_LIBFREETYPE6-100812.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts
last seen	2020-06-01
modified	2020-06-02
plugin id	75578
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75578
title	openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update libfreetype6-2918. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75578); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_name(english:"openSUSE Security Update : libfreetype6 (openSUSE-SU-2010:0549-1)"); script_summary(english:"Check for the libfreetype6-2918 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=628213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=629447" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libfreetype6 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreetype6-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.3", reference:"libfreetype6-2.3.12-7.1.1") ) flag++; if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libfreetype6-32bit-2.3.12-7.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2"); }

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_6_5.NASL
description	The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar
last seen	2020-06-01
modified	2020-06-02
plugin id	50548
published	2010-11-10
reporter	This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50548
title	Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(50548); script_version("1.52"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id( "CVE-2008-4546", "CVE-2009-0796", "CVE-2009-0946", "CVE-2009-2473", "CVE-2009-2474", "CVE-2009-2624", "CVE-2009-3793", "CVE-2009-4134", "CVE-2010-0001", "CVE-2010-0105", "CVE-2010-0205", "CVE-2010-0209", "CVE-2010-0211", "CVE-2010-0212", "CVE-2010-0397", "CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1205", "CVE-2010-1297", "CVE-2010-1378", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-1752", "CVE-2010-1803", "CVE-2010-1811", "CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2010-1831", "CVE-2010-1832", "CVE-2010-1833", "CVE-2010-1834", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-1838", "CVE-2010-1840", "CVE-2010-1841", "CVE-2010-1842", "CVE-2010-1843", "CVE-2010-1844", "CVE-2010-1845", "CVE-2010-1846", "CVE-2010-1847", "CVE-2010-1848", "CVE-2010-1849", "CVE-2010-1850", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188", "CVE-2010-2189", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216", "CVE-2010-2249", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2531", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808", "CVE-2010-2884", "CVE-2010-2941", "CVE-2010-3053", "CVE-2010-3054", "CVE-2010-3636", "CVE-2010-3638", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3783", "CVE-2010-3784", "CVE-2010-3785", "CVE-2010-3786", "CVE-2010-3787", "CVE-2010-3788", "CVE-2010-3789", "CVE-2010-3790", "CVE-2010-3791", "CVE-2010-3792", "CVE-2010-3793", "CVE-2010-3794", "CVE-2010-3795", "CVE-2010-3796", "CVE-2010-3797", "CVE-2010-3798", "CVE-2010-3976" ); script_bugtraq_id( 31537, 34383, 34550, 36079, 38478, 38491, 38494, 38708, 39658, 40361, 40363, 40365, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 41049, 41174, 41770, 42285, 42621, 42624, 44504, 44530, 44671, 44784, 44785, 44787, 44789, 44790, 44792, 44794, 44795, 44796, 44798, 44799, 44800, 44802, 44803, 44804, 44805, 44806, 44807, 44808, 44811, 44812, 44813, 44814, 44815, 44816, 44817, 44819, 44822, 44828, 44829, 44831, 44832, 44833, 44834, 44835, 44840 ); script_name(english:"Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities"); script_summary(english:"Check the version of Mac OS X"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.5. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache mod_perl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdev_cmds - Disk Images - Flash Player plug-in - gzip - Image Capture - ImageIO - Image RAW - Kernel - MySQL - neon - Networking - OpenLDAP - OpenSSL - Password Server - PHP - Printing - python - QuickLook - QuickTime - Safari RSS - Time Machine - Wiki Server - X11 - xar" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT4435" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html" ); script_set_attribute( attribute:"solution", value:"Upgrade to Mac OS X 10.6.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploithub_sku", value:"EH-11-164"); script_set_attribute(attribute:"exploit_framework_exploithub", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player "Button" Remote Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 189, 200, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/10"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); exit(0); } os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item("Host/OS"); if (isnull(os)) exit(0, "The 'Host/OS' KB item is missing."); if ("Mac OS X" >!< os) exit(0, "The host does not appear to be running Mac OS X."); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) exit(0, "The host does not appear to be running Mac OS X."); if (ereg(pattern:"Mac OS X 10\.6($\|\.[0-4]([^0-9]\|$))", string:os)) security_hole(0); else exit(0, "The host is not affected as it is running "+os+".");

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_FREETYPE2-100812.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts
last seen	2020-06-01
modified	2020-06-02
plugin id	48755
published	2010-08-26
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48755
title	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update freetype2-2913. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(48755); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:38"); script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_name(english:"openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)"); script_summary(english:"Check for the freetype2-2913 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=628213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=629447" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2010-08/msg00060.html" ); script_set_attribute( attribute:"solution", value:"Update the affected freetype2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freetype2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"freetype2-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", reference:"freetype2-devel-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-32bit-2.3.9-2.3.1") ) flag++; if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"freetype2-devel-32bit-2.3.9-2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freetype2"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_FREETYPE2-100812.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808)
last seen	2020-06-01
modified	2020-06-02
plugin id	50905
published	2010-12-02
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/50905
title	SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(50905); script_version("1.13"); script_cvs_date("Date: 2019/10/25 13:36:39"); script_cve_id("CVE-2010-1797", "CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500", "CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2527", "CVE-2010-2541", "CVE-2010-2805", "CVE-2010-2806", "CVE-2010-2807", "CVE-2010-2808"); script_name(english:"SuSE 11 / 11.1 Security Update : freetype2 (SAT Patch Numbers 2914 / 2919)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=619562" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=628213" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=629447" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-1797.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2497.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2498.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2499.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2500.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2519.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2520.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2527.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2541.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2805.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2806.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2807.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-2808.html" ); script_set_attribute( attribute:"solution", value:"Apply SAT patch number 2914 / 2919 as appropriate." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:freetype2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:freetype2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:freetype2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2010/08/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); flag = 0; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"freetype2-devel-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"freetype2-devel-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"freetype2-devel-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"freetype2-devel-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:0, reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:1, reference:"freetype2-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"freetype2-32bit-2.3.7-25.11.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2010-156.NASL
description	Multiple vulnerabilities has been found and corrected in freetype2 : The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805). Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806). FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807). Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808). bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053). Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c (CVE-2010-3054). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	48402
published	2010-08-23
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48402
title	Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:156)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2010-157.NASL
description	Multiple vulnerabilities has been found and corrected in freetype2 : The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2805). Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow (CVE-2010-2806). FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file (CVE-2010-2807). Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font (CVE-2010-2808). bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string (CVE-2010-3053). The updated packages have been patched to correct these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	48403
published	2010-08-23
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48403
title	Mandriva Linux Security Advisory : freetype2 (MDVSA-2010:157)

NASL family	SuSE Local Security Checks
NASL id	SUSE9_12630.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808)
last seen	2020-06-01
modified	2020-06-02
plugin id	48900
published	2010-08-27
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48900
title	SuSE9 Security Update : freetype2 (YOU Patch Number 12630)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-2105.NASL
description	Several vulnerabilities have been discovered in the FreeType font library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1797 Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. - CVE-2010-2541 Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. - CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file - CVE-2010-2806 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. - CVE-2010-2807 FreeType uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. - CVE-2010-2808 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. - CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
last seen	2020-06-01
modified	2020-06-02
plugin id	49150
published	2010-09-09
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/49150
title	Debian DSA-2105-1 : freetype - several vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_FREETYPE2-7121.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - stack-based buffer overflow while processing CFF opcodes. (CVE-2010-1797) - integer underflow. (CVE-2010-2497) - invalid free. (CVE-2010-2498) - buffer overflow. (CVE-2010-2499) - integer overflow. (CVE-2010-2500) - heap buffer overflow. (CVE-2010-2519) - heap buffer overflow. (CVE-2010-2520) - buffer overflows in the freetype demo. (CVE-2010-2527) - buffer overflow in ftmulti demo program. (CVE-2010-2541) - improper bounds checking. (CVE-2010-2805) - improper bounds checking. (CVE-2010-2806) - improper type comparisons. (CVE-2010-2807) - memory corruption flaw by processing certain LWFN fonts. (CVE-2010-2808)
last seen	2020-06-01
modified	2020-06-02
plugin id	49854
published	2010-10-11
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/49854
title	SuSE 10 Security Update : freetype2 (ZYPP Patch Number 7121)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_1_FREETYPE2-100812.NASL
description	This update of freetype2 fixes several vulnerabilities that could lead to remote system compromise by executing arbitrary code with user privileges : - CVE-2010-1797: stack-based buffer overflow while processing CFF opcodes - CVE-2010-2497: integer underflow - CVE-2010-2498: invalid free - CVE-2010-2499: buffer overflow - CVE-2010-2500: integer overflow - CVE-2010-2519: heap buffer overflow - CVE-2010-2520: heap buffer overflow - CVE-2010-2527: buffer overflows in the freetype demo - CVE-2010-2541: buffer overflow in ftmulti demo program - CVE-2010-2805: improper bounds checking - CVE-2010-2806: improper bounds checking - CVE-2010-2807: improper type comparisons - CVE-2010-2808: memory corruption flaw by processing certain LWFN fonts
last seen	2020-06-01
modified	2020-06-02
plugin id	48753
published	2010-08-26
reporter	This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/48753
title	openSUSE Security Update : freetype2 (openSUSE-SU-2010:0549-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201201-09.NASL
description	The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	57651
published	2012-01-24
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57651
title	GLSA-201201-09 : FreeType: Multiple vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References