Published: 14/10/2011 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

FreeType 2 prior to 2.4.7, as used in CoreGraphics in Apple iOS prior to 5, Mandriva Enterprise Server 5, and possibly other products, allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple iphone os 4.3.3
apple iphone os 4.1
apple iphone os 4.0
apple iphone os 3.2
apple iphone os 3.1
apple iphone os 3.0
apple iphone os 4.2.5
apple iphone os 4.2.1
apple iphone os 4.0.1
apple iphone os 3.1.3
apple iphone os 3.1.2
apple iphone os 4.3.0
apple iphone os 4.2.8
apple iphone os 3.2.1
apple iphone os 4.3.5
apple iphone os 4.3.2
apple iphone os 4.3.1
apple iphone os 4.0.2
apple iphone os 3.2.2

Synopsis Important: freetype security update Type/Severity Security Advisory: Important Topic Updated freetype packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 56 Extended Update SupportThe Red Hat Security Response Team has rated this update as havingimportant secu ...

Debian Bug report logs - #646120 CVE-2011-3256 Package: freetype; Maintainer for freetype is Hugh McMaster <hughmcmaster@outlookcom>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 21 Oct 2011 14:03:01 UTC Severity: grave Tags: security Fixed in version freetype/247-1 Done: Steve Langase ...

FreeType could be made to crash or run programs as your login if it opened a specially crafted font file ...

It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code For the oldstable distribution (lenny), this problem has been fixed in version 237-2+lenny7 For the stable distribution (squeeze), this problem has been fixed in version ...

Multiple input validation flaws were found in the way FreeType processed bitmap font files If a specially-crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application ...

CWE-94 http://support.apple.com/kb/HT4999 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html https://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view http://www.mandriva.com/security/advisories?name=MDVSA-2011:157 http://www.securityfocus.com/bid/50155 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069100.html http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html http://www.debian.org/security/2011/dsa-2328 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html http://support.apple.com/kb/HT5130 http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://secunia.com/advisories/48951 https://exchange.xforce.ibmcloud.com/vulnerabilities/70552 https://access.redhat.com/errata/RHSA-2012:0094 https://usn.ubuntu.com/1267-1/https://nvd.nist.gov

CVE-2011-3256

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect