CVE-2011-0226 - Numeric Errors vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_5D374B01C3EE11E08AA5485D60CB5385.NASL
  description: Vincent Danen reports : Due to an error within the t1_decoder_parse_charstrings() function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially crafted postscript Type1 font in an application that uses the freetype library.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55822
  published: 2011-08-12
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55822
  title: FreeBSD : freetype2 -- execute arbitrary code or cause denial of service (5d374b01-c3ee-11e0-8aa5-485d60cb5385)

- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2011-1085.NASL
  description: From Red Hat Security Advisory 2011:1085 : Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0226) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 68311
  published: 2013-07-12
  reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/68311
  title: Oracle Linux 6 : freetype (ELSA-2011-1085)

- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_10_7_2.NASL
  description: The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.2. This version contains numerous security-related fixes for the following components : Apache, Application Firewall, ATS, BIND, Certificate Trust Policy, CFNetwork, CoreMedia, CoreProcesses, CoreStorage, File Systems, iChat Server, Kernel, libsecurity, Open Directory, PHP, python, QuickTime, SMB File Server, X11
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56480
  published: 2011-10-13
  reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56480
  title: Mac OS X 10.7.x < 10.7.2 Multiple Vulnerabilities

- NASL family: Amazon Linux Local Security Checks
  NASL id: ALA_ALAS-2011-08.NASL
  description: The MITRE CVE database describes CVE-2011-3256 as : FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 69567
  published: 2013-09-04
  reporter: This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/69567
  title: Amazon Linux AMI : freetype (ALAS-2011-08)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_4_FREETYPE2-110722.NASL
  description: This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products. (CVE-2011-0226)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75844
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75844
  title: openSUSE Security Update : freetype2 (openSUSE-SU-2011:0852-1)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-9525.NASL
  description: This update fixes CVE-2011-0226. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 56016
  published: 2011-08-31
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/56016
  title: Fedora 14 : freetype-2.4.2-5.fc14 (2011-9525)

- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2294.NASL
  description: It was discovered that insufficient input sanitising in Freetype
  last seen: 2020-03-17
  modified: 2011-08-16
  plugin id: 55852
  published: 2011-08-16
  reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55852
  title: Debian DSA-2294-1 : freetype - missing input sanitising

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_3_FREETYPE2-110722.NASL
  description: This freetype2 update fixes sign extension problems and missing length checks. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products. (CVE-2011-0226)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75506
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75506
  title: openSUSE Security Update : freetype2 (openSUSE-SU-2011:0852-1)

- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2011-120.NASL
  description: A vulnerability was discovered and corrected in freetype2 : Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011 (CVE-2011-0226). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149 products_id=490 The updated packages have been patched to correct this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55695
  published: 2011-07-27
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55695
  title: Mandriva Linux Security Advisory : freetype2 (MDVSA-2011:120)

- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2011-1085.NASL
  description: Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0226) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55647
  published: 2011-07-22
  reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55647
  title: RHEL 6 : freetype (RHSA-2011:1085)

- NASL family: Solaris Local Security Checks
  NASL id: SOLARIS11_LIBFXT_20141107.NASL
  description: The remote Solaris system is missing necessary patches to address security updates : FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. (CVE-2011-3256)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 80670
  published: 2015-01-19
  reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/80670
  title: Oracle Solaris Third-Party Patch Update : libfxt (cve_2011_3256_denial_of)

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-1173-1.NASL
  description: It was discovered that FreeType did not correctly handle certain malformed Type 1 font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55688
  published: 2011-07-26
  reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/55688
  title: Ubuntu 10.10 / 11.04 : freetype vulnerability (USN-1173-1)

- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2011-9542.NASL
  description: This update fixes CVE-2011-0226. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55872
  published: 2011-08-17
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/55872
  title: Fedora 15 : freetype-2.4.4-5.fc15 (2011-9542)

- NASL family: Scientific Linux Local Security Checks
  NASL id: SL_20110721_FREETYPE_ON_SL6_X.NASL
  description: FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine. A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. If a user loaded a specially crafted font file with an application linked against FreeType, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0226) Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 61089
  published: 2012-08-01
  reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/61089
  title: Scientific Linux Security Update : freetype on SL6.x i386/x86_64

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_FREETYPE2-110726.NASL
  description: This update fixes length checks in psaux/psobjs.c. This issue was used in one of the last jailbreakme exploits for Apple iPhone/iPad products. (CVE-2011-0226)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 55712
  published: 2011-07-28
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/55712
  title: SuSE 11.1 Security Update : freetype2 (SAT Patch Number 4921)

- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201201-09.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 57651
  published: 2012-01-24
  reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/57651
  title: GLSA-201201-09 : FreeType: Multiple vulnerabilities
References
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
- http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
- http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
- http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
- http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
- http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
- http://secunia.com/advisories/45167
- http://secunia.com/advisories/45224
- http://support.apple.com/kb/HT4802
- http://support.apple.com/kb/HT4803
- http://support.apple.com/kb/HT5002
- http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
- http://www.debian.org/security/2011/dsa-2294
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
- http://www.redhat.com/support/errata/RHSA-2011-1085.html
- http://www.securityfocus.com/bid/48619