CVE-2011-0226 (GCVE-0-2011-0226)
Vulnerability from cvelistv5
- n/a
var-201107-0097
Vulnerability from variot
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

FreeType is prone to a memory-corruption vulnerability because it fails to properly validate user-supplied data. Attackers can leverage this issue to execute arbitrary code in the context of the application using the vulnerable library. Failed attacks will cause denial-of-service conditions. FreeType 2.4.5 is vulnerable; other versions may also be affected.

Note (July 8, 2011): This BID was previously titled 'Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability' but has been rewritten to better reflect the underlying vulnerability.

FreeType can be used to rasterize and map characters into bitmaps and to provide support for other font-related operations. An integer signedness error exists in psaux/t1decode.c in FreeType versions prior to 2.4.6, as used in CoreGraphics in Apple iOS versions prior to 4.2.9 and 4.3.x prior to 4.3.4, and in other products.
Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.

CVE-ID CVE-2011-0226
IOMobileFrameBuffer
Available for: iOS 4.2.5 through 4.2.8 for iPhone 4 (CDMA)
Impact: Malicious code running as the user may gain system privileges
Description: An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.

Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly schedule. When an update is detected, it will download it. When the iPhone, iPod touch or iPad is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iPhone, iPod touch, or iPad.
The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone, iPod touch, or iPad is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About.

==========================================================================
Ubuntu Security Notice USN-1173-1
July 25, 2011
freetype vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
Summary:
FreeType could be made to run programs as your login if it opened a specially crafted font file.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: libfreetype6 2.4.4-1ubuntu2.1
Ubuntu 10.10: libfreetype6 2.4.2-2ubuntu0.2
After a standard system update you need to restart your session to make all the necessary changes.
=====================================================================
Red Hat Security Advisory

Synopsis: Important: freetype security update
Advisory ID: RHSA-2011:1085-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1085.html
Issue date: 2011-07-21
CVE Names: CVE-2011-0226
=====================================================================
- Summary:
Updated freetype packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
FreeType is a free, high-quality, portable font engine that can open and manage font files. It also loads, hints, and renders individual glyphs efficiently. These packages provide the FreeType 2 font engine.
A flaw was found in the way the FreeType font rendering engine processed certain PostScript Type 1 fonts. (CVE-2011-0226)
Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The X server must be restarted (log out, then log back in) for this update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
722701 - CVE-2011-0226 freetype: postscript type1 font parsing vulnerability
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm
ppc64: freetype-2.3.11-6.el6_1.6.ppc.rpm freetype-2.3.11-6.el6_1.6.ppc64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.ppc.rpm freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm freetype-devel-2.3.11-6.el6_1.6.ppc.rpm freetype-devel-2.3.11-6.el6_1.6.ppc64.rpm
s390x: freetype-2.3.11-6.el6_1.6.s390.rpm freetype-2.3.11-6.el6_1.6.s390x.rpm freetype-debuginfo-2.3.11-6.el6_1.6.s390.rpm freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm freetype-devel-2.3.11-6.el6_1.6.s390.rpm freetype-devel-2.3.11-6.el6_1.6.s390x.rpm
x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm
ppc64: freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm freetype-demos-2.3.11-6.el6_1.6.ppc64.rpm
s390x: freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm freetype-demos-2.3.11-6.el6_1.6.s390x.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm
x86_64: freetype-2.3.11-6.el6_1.6.i686.rpm freetype-2.3.11-6.el6_1.6.x86_64.rpm freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-devel-2.3.11-6.el6_1.6.i686.rpm freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm
i386: freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm freetype-demos-2.3.11-6.el6_1.6.i686.rpm
x86_64: freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-0226.html
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
For the oldstable distribution (lenny), this problem has been fixed in version 2.3.7-2+lenny6.
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-2.1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 2.4.6-1.
APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006
OS X Lion v10.7.2 and Security Update 2011-006 is now available and addresses the following:
Apache Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in Apache Description: Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at http://httpd.apache.org/ CVE-ID CVE-2011-0419 CVE-2011-3192
Application Firewall Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges Description: A format string vulnerability existed in Application Firewall's debug logging. CVE-ID CVE-2011-0185 : an anonymous reporter
ATS Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: A signedness issue existed in ATS' handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3437
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution Description: An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0229 : Will Dormann of the CERT/CC
ATS Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in the ATSFontDeactivate API. CVE-ID CVE-2011-0230 : Steven Michaud of Mozilla
BIND Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in BIND 9.7.3 Description: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3. CVE-ID CVE-2011-1910 CVE-2011-2464
BIND Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in BIND Description: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3. CVE-ID CVE-2009-4022 CVE-2010-0097 CVE-2010-3613 CVE-2010-3614 CVE-2011-1910 CVE-2011-2464
Certificate Trust Policy Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. Impact: Root certificates have been updated Description: Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
CFNetwork Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Safari may store cookies it is not configured to accept Description: A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage. CVE-ID CVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell
CFNetwork Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of HTTP cookies. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could incorrectly send the cookies for a domain to a server outside that domain. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3246 : Erling Ellingsen of Facebook
CoreFoundation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking. CVE-ID CVE-2011-0259 : Apple
CoreMedia Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Visiting a maliciously crafted website may lead to the disclosure of video data from another site Description: A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking. CVE-ID CVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)
CoreMedia Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-0224 : Apple
CoreProcesses Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access to a system may partially bypass the screen lock Description: A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-0260 : Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp
CoreStorage Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Converting to FileVault does not erase all existing data Description: After enabling FileVault, approximately 250MB at the start of the volume was left unencrypted on the disk in an unused area. Only data which was present on the volume before FileVault was enabled was left unencrypted. This issue is addressed by erasing this area when enabling FileVault, and on the first use of an encrypted volume affected by this issue. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3212 : Judson Powers of ATC-NY
File Systems Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An attacker in a privileged network position may manipulate HTTPS server certificates, leading to the disclosure of sensitive information Description: An issue existed in the handling of WebDAV volumes on HTTPS servers. If the server presented a certificate chain that could not be automatically verified, a warning was displayed and the connection was closed. If the user clicked the "Continue" button in the warning dialog, any certificate was accepted on the following connection to that server. An attacker in a privileged network position may have manipulated the connection to obtain sensitive information or take action on the server on the user's behalf. This update addresses the issue by validating that the certificate received on the second connection is the same certificate originally presented to the user. CVE-ID CVE-2011-3213 : Apple
IOGraphics Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: A person with physical access may be able to bypass the screen lock Description: An issue existed with the screen lock when used with Apple Cinema Displays. When a password is required to wake from sleep, a person with physical access may be able to access the system without entering a password if the system is in display sleep mode. This update addresses the issue by ensuring that the lock screen is correctly activated in display sleep mode. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3214 : Apple
iChat Server Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A remote attacker may cause the Jabber server to consume system resources disproportionately Description: An issue existed in the handling of XML external entities in jabberd2, a server for the Extensible Messaging and Presence Protocol (XMPP). jabberd2 expands external entities in incoming requests. This allows an attacker to consume system resources very quickly, denying service to legitimate users of the server. This update addresses the issue by disabling entity expansion in incoming requests. CVE-ID CVE-2011-1755
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A person with physical access may be able to access the user's password Description: A logic error in the kernel's DMA protection permitted firewire DMA at loginwindow, boot, and shutdown, although not at screen lock. This update addresses the issue by preventing firewire DMA at all states where the user is not logged in. CVE-ID CVE-2011-3215 : Passware, Inc.
Kernel Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An unprivileged user may be able to delete another user's files in a shared directory Description: A logic error existed in the kernel's handling of file deletions in directories with the sticky bit. CVE-ID CVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer, and Allan Schmid and Oliver Jeckel of brainworks Training
libsecurity Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution Description: An error handling issue existed when parsing a nonstandard certificate revocation list extension. CVE-ID CVE-2011-3227 : Richard Godbee of Virginia Tech
Mailman Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Mailman 2.1.14 Description: Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0707
MediaKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of disk images. These issues do not affect OS X Lion systems. CVE-ID CVE-2011-3217 : Apple
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Any user may read another local user's password data Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and Patrick Dunstan at defenseindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: An authenticated user may change that account's password without providing the current password Description: An access control issue existed in Open Directory. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3436 : Patrick Dunstan at defenceindepth.net
Open Directory Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A user may be able to log in without a password Description: When Open Directory is bound to an LDAPv3 server using RFC2307 or custom mappings, such that there is no AuthenticationAuthority attribute for a user, an LDAP user may be allowed to log in without a password. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin, Steven Eppler of Colorado Mesa University, Hugh Cole-Baker, and Frederic Metoz of Institut de Biologie Structurale
PHP Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A signedness issue existed in FreeType's handling of Type 1 fonts. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2011-0226
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng 1.4.3 Description: libpng is updated to version 1.5.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
PHP Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in PHP 5.3.4 Description: PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues do not affect OS X Lion systems. Further information is available via the PHP website at http://www.php.net/ CVE-ID CVE-2010-3436 CVE-2010-4645 CVE-2011-0420 CVE-2011-0421 CVE-2011-0708 CVE-2011-1092 CVE-2011-1153 CVE-2011-1466 CVE-2011-1467 CVE-2011-1468 CVE-2011-1469 CVE-2011-1470 CVE-2011-1471
postfix Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate mail sessions, resulting in the disclosure of sensitive information Description: A logic issue existed in Postfix in the handling of the STARTTLS command. After receiving a STARTTLS command, Postfix may process other plain-text commands. An attacker in a privileged network position may manipulate the mail session to obtain sensitive information from the encrypted traffic. This update addresses the issue by clearing the command queue after processing a STARTTLS command. This issue does not affect OS X Lion systems. Further information is available via the Postfix site at http://www.postfix.org/announcements/postfix-2.7.3.html CVE-ID CVE-2011-0411
python Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in python Description: Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at http://www.python.org/download/releases/ CVE-ID CVE-2010-1634 CVE-2010-2089 CVE-2011-1521
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime's handling of movie files. CVE-ID CVE-2011-3228 : Apple
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may inject script in the local domain when viewing template HTML Description: A cross-site scripting issue existed in QuickTime Player's "Save for Web" export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is resolved by removing the reference to an online script. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3218 : Aaron Sigel of vtty.com
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of H.264 encoded movie files. CVE-ID CVE-2011-3219 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to the disclosure of memory contents Description: An uninitialized memory access issue existed in QuickTime's handling of URL data handlers within movie files. CVE-ID CVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An implementation issue existed in QuickTime's handling of the atom hierarchy within a movie file. CVE-ID CVE-2011-3221 : an anonymous researcher working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted FlashPix file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FlashPix files. CVE-ID CVE-2011-3222 : Damian Put working with TippingPoint's Zero Day Initiative
QuickTime Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in QuickTime's handling of FLIC files. CVE-ID CVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative
SMB File Server Available for: OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: A guest user may browse shared folders Description: An access control issue existed in the SMB File Server. Disallowing guest access to the share point record for a folder prevented the '_unknown' user from browsing the share point but not guests (user 'nobody'). This issue is addressed by applying the access control to the guest user. This issue does not affect systems prior to OS X Lion. CVE-ID CVE-2011-3225
Tomcat Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Multiple vulnerabilities in Tomcat 6.0.24 Description: Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at http://tomcat.apache.org/ CVE-ID CVE-2010-1157 CVE-2010-2227 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0534
User Documentation Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: An attacker in a privileged network position may manipulate App Store help content, leading to arbitrary code execution Description: App Store help content was updated over HTTP. This update addresses the issue by updating App Store help content over HTTPS. This issue does not affect OS X Lion systems. CVE-ID CVE-2011-3224 : Aaron Sigel of vtty.com
Web Server Available for: Mac OS X Server v10.6.8 Impact: Clients may be unable to access web services that require digest authentication Description: An issue in the handling of HTTP Digest authentication was addressed. Users may be denied access to the server's resources, when the server configuration should have allowed the access. This issue does not represent a security risk, and was addressed to facilitate the use of stronger authentication mechanisms. Systems running OS X Lion Server are not affected by this issue.
X11 Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1 Impact: Multiple vulnerabilities in libpng Description: Multiple vulnerabilities existed in libpng, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating libpng to version 1.5.4 on OS X Lion systems, and to 1.2.46 on Mac OS X v10.6 systems. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html CVE-ID CVE-2011-2690 CVE-2011-2691 CVE-2011-2692
OS X Lion v10.7.2 also includes Safari 5.1.1. For information on the security content of Safari 5.1.1, please visit: http://support.apple.com/kb/HT5000
OS X Lion v10.7.2 and Security Update 2011-006 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2011-006 or OS X v10.7.2.
For OS X Lion v10.7.1
The download file is named: MacOSXUpd10.7.2.dmg
Its SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229

For OS X Lion v10.7
The download file is named: MacOSXUpdCombo10.7.2.dmg
Its SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb

For OS X Lion Server v10.7.1
The download file is named: MacOSXServerUpd10.7.2.dmg
Its SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da

For OS X Lion Server v10.7
The download file is named: MacOSXServerUpdCombo10.7.2.dmg
Its SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a

For Mac OS X v10.6.8
The download file is named: SecUpd2011-006Snow.dmg
Its SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2011-006.dmg
Its SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0097", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "freetype", "scope": "eq", "trust": 1.9, "vendor": "freetype", "version": "2.4.3" }, { "model": "freetype", "scope": "eq", "trust": 1.9, "vendor": "freetype", "version": "2.4.2" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype",
"version": "2.3.9" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.4.4" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.4.0" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.3.10" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.3.12" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.3.8" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.3.11" }, { "model": "freetype", "scope": "eq", "trust": 1.6, "vendor": "freetype", "version": "2.4.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.3" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.6" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": 
"3.1.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2.5" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.2" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.5" }, { "model": "freetype", "scope": "lte", "trust": 1.0, "vendor": "freetype", "version": "2.4.5" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.2.1" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.2.10" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "4.2.8" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2.1" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.0.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.2" }, { 
"model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.1" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "3.2" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.4" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.0.0" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "2.2" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.3" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.0" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "4.3.2" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.0.1" }, { "model": "freetype", "scope": "eq", "trust": 1.0, "vendor": "freetype", "version": "2.3.7" }, { "model": "iphone os", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "1.1.4" }, { "model": "freetype", "scope": "lt", "trust": 0.8, "vendor": "freetype", "version": "2.4.6" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.0 to 4.3.3 ( iphone 3gs and iphone 4 (gsm model ))" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.1 to 4.3.3 (ipod touch (3rd generation) or later )" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "3.2 to 4.3.3 (ipad for )" }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "4.2.5 to 4.2.8 (iphone 4 (cdma model ))" }, { "model": "ipad", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "iphone", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { 
"model": "ipod touch", "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, 
"vendor": "s u s e", "version": "11.3" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { 
"model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "freetype", "scope": "eq", "trust": 0.3, "vendor": "freetype", "version": "2.4.5" }, { "model": "freetype", "scope": "eq", "trust": 0.3, "vendor": "freetype", "version": "2.4" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "ip deskphone", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "96x16" }, { "model": "mobile safari", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "ipod touch", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "iphone", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ipad", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "0" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.1" }, { "model": "ios", "scope": "eq", 
"trust": 0.3, "vendor": "apple", "version": "4.0.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.0.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.3" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.8" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.7" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.6" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2.5" }, { "model": "ios beta", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "4" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.2" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.1" }, { "model": "ios", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "3.0" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "4.3.4" }, { "model": "ios", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "4.2.9" } ], 
"sources": [ { "db": "BID", "id": "48619" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "CNNVD", "id": "CNNVD-201107-230" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:freetype:freetype", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/h:apple:ipad", "vulnerable": true }, { "cpe22Uri": "cpe:/h:apple:iphone", "vulnerable": true }, { "cpe22Uri": "cpe:/h:apple:ipod_touch", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001951" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "comex, Grant \u0027chpwn\u0027 Paul, Jay \u0027saurik\u0027 Freeman", "sources": [ { "db": "BID", "id": "48619" } ], "trust": 0.3 }, "cve": "CVE-2011-0226", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": 
"@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2011-0226", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48171", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-0226", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-0226", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201107-230", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48171", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48171" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "CNNVD", "id": "CNNVD-201107-230" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and 
other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. FreeType is prone to a memory-corruption vulnerability because it fails to properly validate user-supplied data. \nAttackers can leverage this issue to execute arbitrary code in the context of the application using the vulnerable library. Failed attacks will cause denial-of-service conditions. \nFreeType 2.4.5 is vulnerable; other versions may also be affected. \nNote (July 8, 2011): This BID was previously titled \u0027Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability\u0027 but has been rewritten to better reflect the underlying vulnerability. It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. An integer sign error vulnerability exists in psaux/t1decode.c in FreeType versions prior to 2.4.6 used in CoreGraphics for Apple iOS versions prior to 4.2.9 and 4.3.x prior to 4.3.4 and others. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nCVE-ID\nCVE-2011-0226\n\nIOMobileFrameBuffer\nAvailable for: iOS 4.2.5 through 4.2.8 for iPhone 4 (CDMA)\nImpact: Malicious code running as the user may gain system\nprivileges\nDescription: An invalid type conversion issue exists in the use of\nIOMobileFrameBuffer queueing primitives, which may allow malicious\ncode running as the user to gain system privileges. 
Make sure you have an Internet connection and have\ninstalled the latest version of iTunes from www.apple.com/itunes/\n\niTunes will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it will download it. When\nthe iPhone, iPod touch or iPad is docked, iTunes will present the\nuser with the option to install the update. We recommend applying\nthe update immediately if possible. Selecting Don\u0027t Install will\npresent the option the next time you connect your iPhone, iPod touch,\nor iPad. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes checks for updates. You may manually obtain the\nupdate via the Check for Updates button within iTunes. After doing\nthis, the update can be applied when your iPhone, iPod touch, or iPad\nis docked to your computer. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. ==========================================================================\nUbuntu Security Notice USN-1173-1\nJuly 25, 2011\n\nfreetype vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n\nSummary:\n\nFreeType could be made to run programs as your login if it opened a\nspecially crafted font file. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n libfreetype6 2.4.4-1ubuntu2.1\n\nUbuntu 10.10:\n libfreetype6 2.4.2-2ubuntu0.2\n\nAfter a standard system update you need to restart your session to make\nall the necessary changes. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: freetype security update\nAdvisory ID: RHSA-2011:1085-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2011-1085.html\nIssue date: 2011-07-21\nCVE Names: CVE-2011-0226 \n=====================================================================\n\n1. Summary:\n\nUpdated freetype packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nFreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine. \n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain PostScript Type 1 fonts. (CVE-2011-0226)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect. \n\n4. 
Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n722701 - CVE-2011-0226 freetype: postscript type1 font parsing vulnerability\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\n\nppc64:\nfreetype-2.3.11-6.el6_1.6.ppc.rpm\nfreetype-2.3.11-6.el6_1.6.ppc64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.ppc.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm\nfreetype-devel-2.3.11-6.el6_1.6.ppc.rpm\nfreetype-devel-2.3.11-6.el6_1.6.ppc64.rpm\n\ns390x:\nfreetype-2.3.11-6.el6_1.6.s390.rpm\nfreetype-2.3.11-6.el6_1.6.s390x.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.s390.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm\nfreetype-devel-2.3.11-6.el6_1.6.s390.rpm\nfreetype-devel-2.3.11-6.el6_1.6.s390x.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.6.i686.rpm\n\nppc64:\nfreetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm\nfreetype-demos-2.3.11-6.el6_1.6.ppc64.rpm\n\ns390x:\nfreetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm\nfreetype-demos-2.3.11-6.el6_1.6.s390x.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\n\nx86_64:\nfreetype-2.3.11-6.el6_1.6.i686.rpm\nfreetype-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-devel-2.3.11-6.el6_1.6.i686.rpm\nfreetype-devel-2.3.11-6.el6_1.6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm\n\ni386:\nfreetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm\nfreetype-demos-2.3.11-6.el6_1.6.i686.rpm\n\nx86_64:\nfreetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm\nfreetype-demos-2.3.11-6.el6_1.6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-0226.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFOKEs3XlSAg2UNWIIRApFYAKClEeLjn9l2U5arrjouc7fAtKIS6ACfUpiw\nCWvYkbEwtFsTlSMupeW9Vao=\n=nc3+\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny6. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.6-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\n\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\naddresses the following:\n\nApache\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in Apache\nDescription: Apache is updated to version 2.2.20 to address several\nvulnerabilities, the most serious of which may lead to a denial of\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\ninformation is available via the Apache web site at\nhttp://httpd.apache.org/\nCVE-ID\nCVE-2011-0419\nCVE-2011-3192\n\nApplication Firewall\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Executing a binary with a maliciously crafted name may lead\nto arbitrary code execution with elevated privileges\nDescription: A format string vulnerability existed in Application\nFirewall\u0027s debug logging. 
\nCVE-ID\nCVE-2011-0185 : an anonymous reporter\n\nATS\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: A signedness issue existed in ATS\u0027 handling of Type 1\nfonts. This issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3437\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing or downloading a document containing a maliciously\ncrafted embedded font may lead to arbitrary code execution\nDescription: An out of bounds memory access issue existed in ATS\u0027\nhandling of Type 1 fonts. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0229 : Will Dormann of the CERT/CC\n\nATS\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Applications which use the ATSFontDeactivate API may be\nvulnerable to an unexpected application termination or arbitrary code\nexecution\nDescription: A buffer overflow issue existed in the\nATSFontDeactivate API. \nCVE-ID\nCVE-2011-0230 : Steven Michaud of Mozilla\n\nBIND\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in BIND 9.7.3\nDescription: Multiple denial of service issues existed in BIND\n9.7.3. These issues are addressed by updating BIND to version\n9.7.3-P3. \nCVE-ID\nCVE-2011-1910\nCVE-2011-2464\n\nBIND\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in BIND\nDescription: Multiple denial of service issues existed in BIND. \nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3. 
\nCVE-ID\nCVE-2009-4022\nCVE-2010-0097\nCVE-2010-3613\nCVE-2010-3614\nCVE-2011-1910\nCVE-2011-2464\n\nCertificate Trust Policy\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1. \nImpact: Root certificates have been updated\nDescription: Several trusted certificates were added to the list of\nsystem roots. Several existing certificates were updated to their\nmost recent version. The complete list of recognized system roots may\nbe viewed via the Keychain Access application. \n\nCFNetwork\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Safari may store cookies it is not configured to accept\nDescription: A synchronization issue existed in CFNetwork\u0027s handling\nof cookie policies. Safari\u0027s cookie preferences may not be honored,\nallowing websites to set cookies that would be blocked were the\npreference enforced. This update addresses the issue through improved\nhandling of cookie storage. \nCVE-ID\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\nC. Walker, and Stephen Creswell\n\nCFNetwork\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of sensitive information\nDescription: An issue existed in CFNetwork\u0027s handling of HTTP\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\nCFNetwork could incorrectly send the cookies for a domain to a server\noutside that domain. This issue does not affect systems prior to OS X\nLion. \nCVE-ID\nCVE-2011-3246 : Erling Ellingsen of Facebook\n\nCoreFoundation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: A memory corruption issue existed in CoreFoundation\u0027s\nhandling of string tokenization. 
This issue does not affect OS X Lion\nsystems. This update addresses the issue through improved bounds\nchecking. \nCVE-ID\nCVE-2011-0259 : Apple\n\nCoreMedia\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Visiting a maliciously crafted website may lead to the\ndisclosure of video data from another site\nDescription: A cross-origin issue existed in CoreMedia\u0027s handling of\ncross-site redirects. This issue is addressed through improved origin\ntracking. \nCVE-ID\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\nResearch (MSVR)\n\nCoreMedia\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of QuickTime movie files. These issues do not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0224 : Apple\n\nCoreProcesses\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access to a system may partially\nbypass the screen lock\nDescription: A system window, such as a VPN password prompt, that\nappeared while the screen was locked may have accepted keystrokes\nwhile the screen was locked. This issue is addressed by preventing\nsystem windows from requesting keystrokes while the screen is locked. \nThis issue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\nKobb, and Adam Kemp\n\nCoreStorage\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Converting to FileVault does not erase all existing data\nDescription: After enabling FileVault, approximately 250MB at the\nstart of the volume was left unencrypted on the disk in an unused\narea. Only data which was present on the volume before FileVault was\nenabled was left unencrypted. 
This issue is addressed by erasing this\narea when enabling FileVault, and on the first use of an encrypted\nvolume affected by this issue. This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3212 : Judson Powers of ATC-NY\n\nFile Systems\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: An attacker in a privileged network position may manipulate\nHTTPS server certificates, leading to the disclosure of sensitive\ninformation\nDescription: An issue existed in the handling of WebDAV volumes on\nHTTPS servers. If the server presented a certificate chain that could\nnot be automatically verified, a warning was displayed and the\nconnection was closed. If the user clicked the \"Continue\" button in\nthe warning dialog, any certificate was accepted on the following\nconnection to that server. An attacker in a privileged network\nposition may have manipulated the connection to obtain sensitive\ninformation or take action on the server on the user\u0027s behalf. This\nupdate addresses the issue by validating that the certificate\nreceived on the second connection is the same certificate originally\npresented to the user. \nCVE-ID\nCVE-2011-3213 : Apple\n\nIOGraphics\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: A person with physical access may be able to bypass the\nscreen lock\nDescription: An issue existed with the screen lock when used with\nApple Cinema Displays. When a password is required to wake from\nsleep, a person with physical access may be able to access the system\nwithout entering a password if the system is in display sleep mode. \nThis update addresses the issue by ensuring that the lock screen is\ncorrectly activated in display sleep mode. This issue does not affect\nOS X Lion systems. 
\nCVE-ID\nCVE-2011-3214 : Apple\n\niChat Server\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: A remote attacker may cause the Jabber server to consume\nsystem resources disproportionately\nDescription: An issue existed in the handling of XML external\nentities in jabberd2, a server for the Extensible Messaging and\nPresence Protocol (XMPP). jabberd2 expands external entities in\nincoming requests. This allows an attacker to consume system\nresources very quickly, denying service to legitimate users of the\nserver. This update addresses the issue by disabling entity expansion\nin incoming requests. \nCVE-ID\nCVE-2011-1755\n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A person with physical access may be able to access the\nuser\u0027s password\nDescription: A logic error in the kernel\u0027s DMA protection permitted\nfirewire DMA at loginwindow, boot, and shutdown, although not at\nscreen lock. This update addresses the issue by preventing firewire\nDMA at all states where the user is not logged in. \nCVE-ID\nCVE-2011-3215 : Passware, Inc. \n\nKernel\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An unprivileged user may be able to delete another user\u0027s\nfiles in a shared directory\nDescription: A logic error existed in the kernel\u0027s handling of file\ndeletions in directories with the sticky bit. \nCVE-ID\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\nand Allan Schmid and Oliver Jeckel of brainworks Training\n\nlibsecurity\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted website or e-mail message may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription: An error handling issue existed when parsing a\nnonstandard certificate revocation list extension. 
\nCVE-ID\nCVE-2011-3227 : Richard Godbee of Virginia Tech\n\nMailman\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Mailman 2.1.14\nDescription: Multiple cross-site scripting issues existed in Mailman\n2.1.14. These issues are addressed by improved encoding of characters\nin HTML output. Further information is available via the Mailman site\nat http://mail.python.org/pipermail/mailman-\nannounce/2011-February/000158.html This issue does not affect OS X\nLion systems. \nCVE-ID\nCVE-2011-0707\n\nMediaKit\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Opening a maliciously crafted disk image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in the\nhandling of disk images. These issues do not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-3217 : Apple\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Any user may read another local user\u0027s password data\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. \nCVE-ID\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\nPatrick Dunstan at defenseindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: An authenticated user may change that account\u0027s password\nwithout providing the current password\nDescription: An access control issue existed in Open Directory. This\nissue does not affect systems prior to OS X Lion. 
\nCVE-ID\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\n\nOpen Directory\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A user may be able to log in without a password\nDescription: When Open Directory is bound to an LDAPv3 server using\nRFC2307 or custom mappings, such that there is no\nAuthenticationAuthority attribute for a user, an LDAP user may be\nallowed to log in without a password. This issue does not affect\nsystems prior to OS X Lion. \nCVE-ID\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\nFrederic Metoz of Institut de Biologie Structurale\n\nPHP\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A signedness issue existed in FreeType\u0027s handling of\nType 1 fonts. This issue does not affect systems prior to OS X Lion. Further\ninformation is available via the FreeType site at\nhttp://www.freetype.org/\nCVE-ID\nCVE-2011-0226\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng 1.4.3\nDescription: libpng is updated to version 1.5.4 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. Further information is available via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nPHP\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in PHP 5.3.4\nDescription: PHP is updated to version 5.3.6 to address multiple\nvulnerabilities, the most serious of which may lead to arbitrary code\nexecution. This issues do not affect OS X Lion systems. 
Further\ninformation is available via the PHP website at http://www.php.net/\nCVE-ID\nCVE-2010-3436\nCVE-2010-4645\nCVE-2011-0420\nCVE-2011-0421\nCVE-2011-0708\nCVE-2011-1092\nCVE-2011-1153\nCVE-2011-1466\nCVE-2011-1467\nCVE-2011-1468\nCVE-2011-1469\nCVE-2011-1470\nCVE-2011-1471\n\npostfix\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nmail sessions, resulting in the disclosure of sensitive information\nDescription: A logic issue existed in Postfix in the handling of the\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\nprocess other plain-text commands. An attacker in a privileged\nnetwork position may manipulate the mail session to obtain sensitive\ninformation from the encrypted traffic. This update addresses the\nissue by clearing the command queue after processing a STARTTLS\ncommand. This issue does not affect OS X Lion systems. Further\ninformation is available via the Postfix site at\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\nCVE-ID\nCVE-2011-0411\n\npython\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in python\nDescription: Multiple vulnerabilities existed in python, the most\nserious of which may lead to arbitrary code execution. This update\naddresses the issues by applying patches from the python project. \nFurther information is available via the python site at\nhttp://www.python.org/download/releases/\nCVE-ID\nCVE-2010-1634\nCVE-2010-2089\nCVE-2011-1521\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in\nQuickTime\u0027s handling of movie files. 
\nCVE-ID\nCVE-2011-3228 : Apple\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSC\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0249 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0250 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STSZ\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. \nCVE-ID\nCVE-2011-0251 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A heap buffer overflow existed in the handling of STTS\natoms in QuickTime movie files. This issue does not affect OS X Lion\nsystems. 
\nCVE-ID\nCVE-2011-0252 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may inject\nscript in the local domain when viewing template HTML\nDescription: A cross-site scripting issue existed in QuickTime\nPlayer\u0027s \"Save for Web\" export. The template HTML files generated by\nthis feature referenced a script file from a non-encrypted origin. An\nattacker in a privileged network position may be able to inject\nmalicious scripts in the local domain if the user views a template\nfile locally. This issue is resolved by removing the reference to an\nonline script. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3218 : Aaron Sigel of vtty.com\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nH.264 encoded movie files. \nCVE-ID\nCVE-2011-3219 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to the\ndisclosure of memory contents\nDescription: An uninitialized memory access issue existed in\nQuickTime\u0027s handling of URL data handlers within movie files. 
\nCVE-ID\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An implementation issue existed in QuickTime\u0027s handling\nof the atom hierarchy within a movie file. \nCVE-ID\nCVE-2011-3221 : an anonymous researcher working with TippingPoint\u0027s\nZero Day Initiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFlashPix files. \nCVE-ID\nCVE-2011-3222 : Damian Put working with TippingPoint\u0027s Zero Day\nInitiative\n\nQuickTime\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow existed in QuickTime\u0027s handling of\nFLIC files. \nCVE-ID\nCVE-2011-3223 : Matt \u0027j00ru\u0027 Jurczyk working with TippingPoint\u0027s Zero\nDay Initiative\n\nSMB File Server\nAvailable for: OS X Lion v10.7 and v10.7.1,\nOS X Lion Server v10.7 and v10.7.1\nImpact: A guest user may browse shared folders\nDescription: An access control issue existed in the SMB File Server. \nDisallowing guest access to the share point record for a folder\nprevented the \u0027_unknown\u0027 user from browsing the share point but not\nguests (user \u0027nobody\u0027). This issue is addressed by applying the\naccess control to the guest user. 
This issue does not affect systems\nprior to OS X Lion. \nCVE-ID\nCVE-2011-3225\n\nTomcat\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\nDescription: Tomcat is updated to version 6.0.32 to address multiple\nvulnerabilities, the most serious of which may lead to a cross site\nscripting attack. Tomcat is only provided on Mac OS X Server systems. \nThis issue does not affect OS X Lion systems. Further information is\navailable via the Tomcat site at http://tomcat.apache.org/\nCVE-ID\nCVE-2010-1157\nCVE-2010-2227\nCVE-2010-3718\nCVE-2010-4172\nCVE-2011-0013\nCVE-2011-0534\n\nUser Documentation\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\nImpact: An attacker in a privileged network position may manipulate\nApp Store help content, leading to arbitrary code execution\nDescription: App Store help content was updated over HTTP. This\nupdate addresses the issue by updating App Store help content over\nHTTPS. This issue does not affect OS X Lion systems. \nCVE-ID\nCVE-2011-3224 : Aaron Sigel of vtty.com\n\nWeb Server\nAvailable for: Mac OS X Server v10.6.8\nImpact: Clients may be unable to access web services that require\ndigest authentication\nDescription: An issue in the handling of HTTP Digest authentication\nwas addressed. Users may be denied access to the server\u0027s resources,\nwhen the server configuration should have allowed the access. This\nissue does not represent a security risk, and was addressed to\nfacilitate the use of stronger authentication mechanisms. Systems\nrunning OS X Lion Server are not affected by this issue. \n\nX11\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\nImpact: Multiple vulnerabilities in libpng\nDescription: Multiple vulnerabilities existed in libpng, the most\nserious of which may lead to arbitrary code execution. 
These issues\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\navailable via the libpng website at\nhttp://www.libpng.org/pub/png/libpng.html\nCVE-ID\nCVE-2011-2690\nCVE-2011-2691\nCVE-2011-2692\n\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\nthe security content of Safari 5.1.1, please visit:\nhttp://support.apple.com/kb/HT5000\n\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\nthe Software Update pane in System Preferences, or Apple\u0027s Software\nDownloads web site:\nhttp://www.apple.com/support/downloads/\n\nThe Software Update utility will present the update that applies\nto your system configuration. Only one is needed, either\nSecurity Update 2011-006 or OS X v10.7.2. \n\nFor OS X Lion v10.7.1\nThe download file is named: MacOSXUpd10.7.2.dmg\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\n\nFor OS X Lion v10.7\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\n\nFor OS X Lion Server v10.7.1\nThe download file is named: MacOSXServerUpd10.7.2.dmg\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\n\nFor OS X Lion Server v10.7\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\n\nFor Mac OS X v10.6.8\nThe download file is named: SecUpd2011-006Snow.dmg\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\n\nFor Mac OS X Server v10.6.8\nThe download file is named: SecUpdSrvr2011-006.dmg\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 
v2.0.16 (Darwin)\n\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0226" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "BID", "id": "48619" }, { "db": "VULHUB", "id": "VHN-48171" }, { "db": "PACKETSTORM", "id": "103471" }, { "db": "PACKETSTORM", "id": "103127" }, { "db": "PACKETSTORM", "id": "103375" }, { "db": "PACKETSTORM", "id": "103258" }, { "db": "PACKETSTORM", "id": "103989" }, { "db": "PACKETSTORM", "id": "105738" } ], "trust": 2.52 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-48171", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48171" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0226", "trust": 3.4 }, { "db": "BID", "id": "48619", "trust": 2.8 }, { "db": "SECUNIA", "id": "45167", "trust": 2.5 }, { "db": "SECUNIA", "id": "45224", "trust": 1.7 }, { "db": "SECTRACK", "id": "1025757", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001951", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201107-230", "trust": 0.7 }, { "db": "MLIST", "id": "[FREETYPE-DEVEL] 20110708 DETAILS ON IPHONE EXPLOIT CAUSED BY 
FREETYPE?", "trust": 0.6 }, { "db": "MLIST", "id": "[FREETYPE-DEVEL] 20110708 RE: DETAILS ON IPHONE EXPLOIT CAUSED BY FREETYPE?", "trust": 0.6 }, { "db": "MLIST", "id": "[FREETYPE-DEVEL] 20110709 RE: DETAILS ON IPHONE EXPLOIT CAUSED BY FREETYPE?", "trust": 0.6 }, { "db": "MLIST", "id": "[FREETYPE-DEVEL] 20110711 RE: DETAILS ON IPHONE EXPLOIT CAUSED BY FREETYPE?", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2011-07-15-1", "trust": 0.6 }, { "db": "APPLE", "id": "APPLE-SA-2011-07-15-2", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "103989", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "103375", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "103258", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "103471", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-48171", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "103127", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105738", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48171" }, { "db": "BID", "id": "48619" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "PACKETSTORM", "id": "103471" }, { "db": "PACKETSTORM", "id": "103127" }, { "db": "PACKETSTORM", "id": "103375" }, { "db": "PACKETSTORM", "id": "103258" }, { "db": "PACKETSTORM", "id": "103989" }, { "db": "PACKETSTORM", "id": "105738" }, { "db": "CNNVD", "id": "CNNVD-201107-230" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "id": "VAR-201107-0097", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48171" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T20:31:08.467000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT4802", "trust": 0.8, "url": 
"http://support.apple.com/kb/HT4802" }, { "title": "HT4803", "trust": 0.8, "url": "http://support.apple.com/kb/HT4803" }, { "title": "HT4802", "trust": 0.8, "url": "http://support.apple.com/kb/HT4802?viewlocale=ja_JP" }, { "title": "HT4803", "trust": 0.8, "url": "http://support.apple.com/kb/HT4803?viewlocale=ja_JP" }, { "title": "RHSA-2011:1085", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1085.html" }, { "title": "CVE-2011-0226 Denial of Service (DoS) vulnerability in FreeType ", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_0226_denial_of" }, { "title": "msg00014", "trust": 0.8, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "title": "msg00015", "trust": 0.8, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001951" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48171" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/48619" }, { "trust": 2.5, "url": "http://secunia.com/advisories/45167" }, { "trust": 2.0, "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "trust": 2.0, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "trust": 1.7, "url": 
"http://lists.apple.com/archives/security-announce/2011//jul/msg00000.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00001.html" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4802" }, { "trust": 1.7, "url": "http://support.apple.com/kb/ht4803" }, { "trust": 1.7, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { "trust": 1.7, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "trust": 1.7, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" }, { "trust": 1.7, "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "trust": 1.7, "url": "http://secunia.com/advisories/45224" }, { "trust": 1.1, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html" }, { "trust": 1.1, "url": "http://support.apple.com/kb/ht5002" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2294" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:120" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-1085.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0226" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu619694" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0226" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id/1025757" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226" }, { "trust": 0.4, "url": "http://www.freetype.org/" }, { "trust": 0.3, "url": "http://www.apple.com/iphone/softwareupdate/" }, { "trust": 0.3, "url": "http://www.apple.com/iphone/" }, { "trust": 0.3, "url": 
"http://www.apple.com/ipodtouch/" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100150478" }, { "trust": 0.2, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.2, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3855" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/freetype/2.4.4-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/freetype/2.4.2-2ubuntu0.2" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1173-1" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-0226.html" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1085.html" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0259" }, { "trust": 0.1, "url": "http://tomcat.apache.org/" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2011-0185" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0187" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0097" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4022" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht5000" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2089" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0229" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0260" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4645" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419" }, { "trust": 0.1, "url": "http://httpd.apache.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3614" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3436" }, { "trust": 0.1, "url": "http://www.libpng.org/pub/png/libpng.html" }, { "trust": 0.1, "url": "http://www.php.net/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0249" }, { "trust": 0.1, "url": "http://mail.python.org/pipermail/mailman-" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0250" }, 
{ "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "http://www.postfix.org/announcements/postfix-2.7.3.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0252" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0224" }, { "trust": 0.1, "url": "http://www.python.org/download/releases/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48171" }, { "db": "BID", "id": "48619" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "PACKETSTORM", "id": "103471" }, { "db": "PACKETSTORM", "id": "103127" }, { "db": "PACKETSTORM", "id": "103375" }, { "db": "PACKETSTORM", "id": "103258" }, { "db": "PACKETSTORM", "id": "103989" }, { "db": "PACKETSTORM", "id": "105738" }, { "db": "CNNVD", "id": "CNNVD-201107-230" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48171" }, { "db": "BID", "id": "48619" }, { "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "db": "PACKETSTORM", "id": "103471" }, { "db": "PACKETSTORM", "id": "103127" }, { "db": "PACKETSTORM", "id": "103375" }, { "db": "PACKETSTORM", "id": "103258" }, { "db": "PACKETSTORM", "id": "103989" }, { "db": "PACKETSTORM", "id": "105738" }, { "db": "CNNVD", "id": "CNNVD-201107-230" }, { "db": "NVD", "id": "CVE-2011-0226" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-19T00:00:00", "db": "VULHUB", "id": "VHN-48171" }, { "date": "2011-07-06T00:00:00", "db": "BID", "id": "48619" }, { "date": "2011-07-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "date": "2011-07-27T15:24:09", "db": "PACKETSTORM", "id": "103471" }, { "date": "2011-07-18T14:19:23", "db": "PACKETSTORM", "id": "103127" 
}, { "date": "2011-07-25T15:15:55", "db": "PACKETSTORM", "id": "103375" }, { "date": "2011-07-22T03:07:31", "db": "PACKETSTORM", "id": "103258" }, { "date": "2011-08-15T15:37:08", "db": "PACKETSTORM", "id": "103989" }, { "date": "2011-10-13T02:35:35", "db": "PACKETSTORM", "id": "105738" }, { "date": "2011-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201107-230" }, { "date": "2011-07-19T22:55:00.820000", "db": "NVD", "id": "CVE-2011-0226" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-10-26T00:00:00", "db": "VULHUB", "id": "VHN-48171" }, { "date": "2015-05-07T17:17:00", "db": "BID", "id": "48619" }, { "date": "2012-05-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001951" }, { "date": "2011-07-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201107-230" }, { "date": "2024-11-21T01:23:35.317000", "db": "NVD", "id": "CVE-2011-0226" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "103471" }, { "db": "PACKETSTORM", "id": "103375" }, { "db": "CNNVD", "id": "CNNVD-201107-230" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple iOS Used in products such as FreeType Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001951" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201107-230" } ], "trust": 0.6 } }
ghsa-85gm-r6vh-gfc5
Vulnerability from github
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
{ "affected": [], "aliases": [ "CVE-2011-0226" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2011-07-19T22:55:00Z", "severity": "HIGH" }, "details": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "id": "GHSA-85gm-r6vh-gfc5", "modified": "2022-05-17T05:37:19Z", "published": "2022-05-17T05:37:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226" }, { "type": "WEB", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" }, { "type": "WEB", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/45167" }, { "type": "WEB", "url": "http://secunia.com/advisories/45224" }, { "type": "WEB", "url": 
"http://support.apple.com/kb/HT4802" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4803" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT5002" }, { "type": "WEB", "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "type": "WEB", "url": "http://www.debian.org/security/2011/dsa-2294" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:120" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2011-1085.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/48619" } ], "schema_version": "1.4.0", "severity": [] }
fkie_cve-2011-0226
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "matchCriteriaId": "22668317-72EF-41B9-9379-1AEC251C5F49", "versionEndIncluding": "2.4.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F7252819-BA8A-4BD1-BAAA-179A8777C994", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B4450B4-B21F-4153-B9DD-C36A2381F00D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "11575E3C-2BEA-4264-AE41-4A962BD17035", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D333A965-EAD2-40DB-8FBE-C4C7DF44C35C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CA37666-D2E6-47EF-BFFE-A9449D6A72CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F2B49505-C973-4673-A9BC-34ACA25059D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B8E8ECCA-58F2-4A05-8DF2-79C09A5FB275", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8697D11D-BBDF-4722-85F7-5144A5D26E37", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "50E3EDA8-04D1-4DF1-80BB-72C6003E8F53", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "AB06CA25-BB25-43B8-9FC2-62C399CC52EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "6AF7414E-33A7-40E2-AEF0-1AE9D7D1B077", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "6FC0BD12-E065-4CC9-8AEE-E4C34A58EC3C", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "214DC64B-BA35-486B-AE30-F2D9381E4D26", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "B7CDE19A-473A-4BC5-AA7B-3D08FEEEE82C", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "DD8401A8-A328-49F6-BAE8-337F5F36C906", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FBF5BAA-8027-478F-BE06-3D3F4F823C7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "31358B5D-4087-4207-9730-297BA47DAA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "3A73E016-A4B0-416D-B9B6-786A787DAD3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "0588BCE1-059B-4602-B274-E9D268720B55", "vulnerable": true }, { "criteria": "cpe:2.3:a:freetype:freetype:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D19BE9CC-6B1C-4AC8-9740-2ABDF40C4FEC", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E87ED9-A08D-48B2-83A8-AD2C0F6A22A9", "versionEndIncluding": "4.2.8", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011." }, { "lang": "es", "value": "Error de entero sin signo en psaux/t1decode.c en FreeType anterior a v2.4.6, es usado enCoreGraphics en Apple iOS anterior a v4.2.9 y v4.3.x anterior a v4.3.4 y otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria o ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de una fuente manipulada Type 1 en un documento PDF, como se explot\u00f3 en Julio 2011." 
} ], "id": "CVE-2011-0226", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-07-19T22:55:00.820", "references": [ { "source": "product-security@apple.com", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" }, { "source": "product-security@apple.com", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "source": "product-security@apple.com", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { "source": "product-security@apple.com", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "source": "product-security@apple.com", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" }, { "source": "product-security@apple.com", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "source": "product-security@apple.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "source": "product-security@apple.com", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45167" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45224" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4802" }, { "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4803" }, { "source": "product-security@apple.com", "url": "http://support.apple.com/kb/HT5002" }, { "source": "product-security@apple.com", "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "source": "product-security@apple.com", "url": "http://www.debian.org/security/2011/dsa-2294" }, { "source": "product-security@apple.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:120" }, { "source": "product-security@apple.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1085.html" }, { "source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/48619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4803" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1085.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48619" } ], "sourceIdentifier": 
"product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
RHSA-2011:1085
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated freetype packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", "title": "Topic" }, { "category": "general", "text": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain PostScript Type 1 fonts. If a user loaded a specially-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-0226)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:1085", "url": "https://access.redhat.com/errata/RHSA-2011:1085" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1085.json" } ], "title": "Red Hat Security Advisory: freetype security update", "tracking": { "current_release_date": "2025-09-10T13:51:06+00:00", "generator": { "date": "2025-09-10T13:51:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.7" } }, "id": "RHSA-2011:1085", "initial_release_date": "2011-07-21T15:40:00+00:00", "revision_history": [ { "date": "2011-07-21T15:40:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-07-21T11:46:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-10T13:51:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.src", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.src", "product_id": "freetype-0:2.3.11-6.el6_1.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-0:2.3.11-6.el6_1.6.i686", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_id": 
"freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-0:2.3.11-6.el6_1.6.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-0226", "discovery_date": "2011-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "722701" } ], "notes": [ { "category": "description", "text": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "title": "Vulnerability description" }, { "category": "summary", "text": "freetype: postscript type1 font parsing vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", 
"6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0226" }, { "category": "external", "summary": "RHBZ#722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0226", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226" } ], "release_date": "2011-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-07-21T15:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", 
"6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1085" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", 
"6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "freetype: postscript type1 font parsing vulnerability" } ] }
rhsa-2011_1085
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated freetype packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", "title": "Topic" }, { "category": "general", "text": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain PostScript Type 1 fonts. If a user loaded a specially-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-0226)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:1085", "url": "https://access.redhat.com/errata/RHSA-2011:1085" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1085.json" } ], "title": "Red Hat Security Advisory: freetype security update", "tracking": { "current_release_date": "2024-11-22T04:31:06+00:00", "generator": { "date": "2024-11-22T04:31:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2011:1085", "initial_release_date": "2011-07-21T15:40:00+00:00", "revision_history": [ { "date": "2011-07-21T15:40:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-07-21T11:46:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T04:31:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.src", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.src", "product_id": "freetype-0:2.3.11-6.el6_1.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-0:2.3.11-6.el6_1.6.i686", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_id": 
"freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-0:2.3.11-6.el6_1.6.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-0226", "discovery_date": "2011-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "722701" } ], "notes": [ { "category": "description", "text": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "title": "Vulnerability description" }, { "category": "summary", "text": "freetype: postscript type1 font parsing vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", 
"6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0226" }, { "category": "external", "summary": "RHBZ#722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0226", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226" } ], "release_date": "2011-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-07-21T15:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", 
"6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1085" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", 
"6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "freetype: postscript type1 font parsing vulnerability" } ] }
rhsa-2011:1085
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated freetype packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section.", "title": "Topic" }, { "category": "general", "text": "FreeType is a free, high-quality, portable font engine that can open and\nmanage font files. It also loads, hints, and renders individual glyphs\nefficiently. These packages provide the FreeType 2 font engine.\n\nA flaw was found in the way the FreeType font rendering engine processed\ncertain PostScript Type 1 fonts. If a user loaded a specially-crafted font\nfile with an application linked against FreeType, it could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the user running the application. (CVE-2011-0226)\n\nUsers are advised to upgrade to these updated packages, which contain a\nbackported patch to correct this issue. The X server must be restarted (log\nout, then log back in) for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:1085", "url": "https://access.redhat.com/errata/RHSA-2011:1085" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_1085.json" } ], "title": "Red Hat Security Advisory: freetype security update", "tracking": { "current_release_date": "2025-09-10T13:51:06+00:00", "generator": { "date": "2025-09-10T13:51:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.7" } }, "id": "RHSA-2011:1085", "initial_release_date": "2011-07-21T15:40:00+00:00", "revision_history": [ { "date": "2011-07-21T15:40:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-07-21T11:46:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-10T13:51:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:6::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.src", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.src", "product_id": "freetype-0:2.3.11-6.el6_1.6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=i686" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.i686", "product_id": "freetype-0:2.3.11-6.el6_1.6.i686", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc64" } } } ], "category": "architecture", "name": "ppc64" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_id": 
"freetype-demos-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390x" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-demos@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=x86_64" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64", "product_id": "freetype-0:2.3.11-6.el6_1.6.x86_64", 
"product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=ppc" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype-devel@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/freetype@2.3.11-6.el6_1.6?arch=s390" } } }, { "category": "product_version", "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_id": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/freetype-debuginfo@2.3.11-6.el6_1.6?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server (v. 
6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.src", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.i686", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 
6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.s390x", "relates_to_product_reference": "6Server-optional-6.1.z" }, { "category": "default_component_of", "full_product_name": { "name": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)", "product_id": "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" }, "product_reference": "freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "relates_to_product_reference": "6Server-optional-6.1.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-0226", "discovery_date": "2011-07-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "722701" } ], "notes": [ { "category": "description", "text": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "title": "Vulnerability description" }, { "category": "summary", "text": "freetype: postscript type1 font parsing vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", 
"6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0226" }, { "category": "external", "summary": "RHBZ#722701", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722701" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0226", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0226" } ], "release_date": "2011-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-07-21T15:40:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", 
"6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:1085" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", 
"6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.src", "6Server-optional-6.1.z:freetype-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-debuginfo-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.ppc64", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-demos-0:2.3.11-6.el6_1.6.x86_64", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.i686", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.ppc64", 
"6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.s390x", "6Server-optional-6.1.z:freetype-devel-0:2.3.11-6.el6_1.6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "freetype: postscript type1 font parsing vulnerability" } ] }
opensuse-su-2024:10438-1
Vulnerability from csaf_opensuse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "freetype2-devel-2.7-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the freetype2-devel-2.7-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10438", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10438-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-0946 page", "url": "https://www.suse.com/security/cve/CVE-2009-0946/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-2497 page", "url": "https://www.suse.com/security/cve/CVE-2010-2497/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-2805 page", "url": "https://www.suse.com/security/cve/CVE-2010-2805/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3053 page", "url": "https://www.suse.com/security/cve/CVE-2010-3053/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3054 page", "url": 
"https://www.suse.com/security/cve/CVE-2010-3054/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3311 page", "url": "https://www.suse.com/security/cve/CVE-2010-3311/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3814 page", "url": "https://www.suse.com/security/cve/CVE-2010-3814/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3855 page", "url": "https://www.suse.com/security/cve/CVE-2010-3855/" }, { "category": "self", "summary": "SUSE CVE CVE-2011-0226 page", "url": "https://www.suse.com/security/cve/CVE-2011-0226/" }, { "category": "self", "summary": "SUSE CVE CVE-2011-3256 page", "url": "https://www.suse.com/security/cve/CVE-2011-3256/" }, { "category": "self", "summary": "SUSE CVE CVE-2011-3439 page", "url": "https://www.suse.com/security/cve/CVE-2011-3439/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1126 page", "url": "https://www.suse.com/security/cve/CVE-2012-1126/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1127 page", "url": "https://www.suse.com/security/cve/CVE-2012-1127/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1128 page", "url": "https://www.suse.com/security/cve/CVE-2012-1128/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1129 page", "url": "https://www.suse.com/security/cve/CVE-2012-1129/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1130 page", "url": "https://www.suse.com/security/cve/CVE-2012-1130/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1131 page", "url": "https://www.suse.com/security/cve/CVE-2012-1131/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1132 page", "url": "https://www.suse.com/security/cve/CVE-2012-1132/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1133 page", "url": "https://www.suse.com/security/cve/CVE-2012-1133/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1134 page", "url": "https://www.suse.com/security/cve/CVE-2012-1134/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1135 page", "url": 
"https://www.suse.com/security/cve/CVE-2012-1135/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1136 page", "url": "https://www.suse.com/security/cve/CVE-2012-1136/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1137 page", "url": "https://www.suse.com/security/cve/CVE-2012-1137/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1138 page", "url": "https://www.suse.com/security/cve/CVE-2012-1138/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1139 page", "url": "https://www.suse.com/security/cve/CVE-2012-1139/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1140 page", "url": "https://www.suse.com/security/cve/CVE-2012-1140/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1141 page", "url": "https://www.suse.com/security/cve/CVE-2012-1141/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1142 page", "url": "https://www.suse.com/security/cve/CVE-2012-1142/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1143 page", "url": "https://www.suse.com/security/cve/CVE-2012-1143/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-1144 page", "url": "https://www.suse.com/security/cve/CVE-2012-1144/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5668 page", "url": "https://www.suse.com/security/cve/CVE-2012-5668/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5669 page", "url": "https://www.suse.com/security/cve/CVE-2012-5669/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5670 page", "url": "https://www.suse.com/security/cve/CVE-2012-5670/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-2240 page", "url": "https://www.suse.com/security/cve/CVE-2014-2240/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-2241 page", "url": "https://www.suse.com/security/cve/CVE-2014-2241/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9656 page", "url": "https://www.suse.com/security/cve/CVE-2014-9656/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9657 page", "url": 
"https://www.suse.com/security/cve/CVE-2014-9657/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9658 page", "url": "https://www.suse.com/security/cve/CVE-2014-9658/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9659 page", "url": "https://www.suse.com/security/cve/CVE-2014-9659/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9660 page", "url": "https://www.suse.com/security/cve/CVE-2014-9660/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9661 page", "url": "https://www.suse.com/security/cve/CVE-2014-9661/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9662 page", "url": "https://www.suse.com/security/cve/CVE-2014-9662/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9663 page", "url": "https://www.suse.com/security/cve/CVE-2014-9663/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9664 page", "url": "https://www.suse.com/security/cve/CVE-2014-9664/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9665 page", "url": "https://www.suse.com/security/cve/CVE-2014-9665/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9666 page", "url": "https://www.suse.com/security/cve/CVE-2014-9666/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9667 page", "url": "https://www.suse.com/security/cve/CVE-2014-9667/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9668 page", "url": "https://www.suse.com/security/cve/CVE-2014-9668/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9669 page", "url": "https://www.suse.com/security/cve/CVE-2014-9669/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9670 page", "url": "https://www.suse.com/security/cve/CVE-2014-9670/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9671 page", "url": "https://www.suse.com/security/cve/CVE-2014-9671/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9672 page", "url": "https://www.suse.com/security/cve/CVE-2014-9672/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9673 page", "url": 
"https://www.suse.com/security/cve/CVE-2014-9673/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9674 page", "url": "https://www.suse.com/security/cve/CVE-2014-9674/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9675 page", "url": "https://www.suse.com/security/cve/CVE-2014-9675/" } ], "title": "freetype2-devel-2.7-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10438-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.7-1.1.aarch64", "product": { "name": "freetype2-devel-2.7-1.1.aarch64", "product_id": "freetype2-devel-2.7-1.1.aarch64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.7-1.1.aarch64", "product": { "name": "freetype2-devel-32bit-2.7-1.1.aarch64", "product_id": "freetype2-devel-32bit-2.7-1.1.aarch64" } }, { "category": "product_version", "name": "libfreetype6-2.7-1.1.aarch64", "product": { "name": "libfreetype6-2.7-1.1.aarch64", "product_id": "libfreetype6-2.7-1.1.aarch64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.7-1.1.aarch64", "product": { "name": "libfreetype6-32bit-2.7-1.1.aarch64", "product_id": "libfreetype6-32bit-2.7-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.7-1.1.ppc64le", "product": { "name": "freetype2-devel-2.7-1.1.ppc64le", "product_id": "freetype2-devel-2.7-1.1.ppc64le" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.7-1.1.ppc64le", "product": { "name": "freetype2-devel-32bit-2.7-1.1.ppc64le", 
"product_id": "freetype2-devel-32bit-2.7-1.1.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-2.7-1.1.ppc64le", "product": { "name": "libfreetype6-2.7-1.1.ppc64le", "product_id": "libfreetype6-2.7-1.1.ppc64le" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.7-1.1.ppc64le", "product": { "name": "libfreetype6-32bit-2.7-1.1.ppc64le", "product_id": "libfreetype6-32bit-2.7-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.7-1.1.s390x", "product": { "name": "freetype2-devel-2.7-1.1.s390x", "product_id": "freetype2-devel-2.7-1.1.s390x" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.7-1.1.s390x", "product": { "name": "freetype2-devel-32bit-2.7-1.1.s390x", "product_id": "freetype2-devel-32bit-2.7-1.1.s390x" } }, { "category": "product_version", "name": "libfreetype6-2.7-1.1.s390x", "product": { "name": "libfreetype6-2.7-1.1.s390x", "product_id": "libfreetype6-2.7-1.1.s390x" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.7-1.1.s390x", "product": { "name": "libfreetype6-32bit-2.7-1.1.s390x", "product_id": "libfreetype6-32bit-2.7-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "freetype2-devel-2.7-1.1.x86_64", "product": { "name": "freetype2-devel-2.7-1.1.x86_64", "product_id": "freetype2-devel-2.7-1.1.x86_64" } }, { "category": "product_version", "name": "freetype2-devel-32bit-2.7-1.1.x86_64", "product": { "name": "freetype2-devel-32bit-2.7-1.1.x86_64", "product_id": "freetype2-devel-32bit-2.7-1.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-2.7-1.1.x86_64", "product": { "name": "libfreetype6-2.7-1.1.x86_64", "product_id": "libfreetype6-2.7-1.1.x86_64" } }, { "category": "product_version", "name": "libfreetype6-32bit-2.7-1.1.x86_64", "product": { "name": "libfreetype6-32bit-2.7-1.1.x86_64", "product_id": 
"libfreetype6-32bit-2.7-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.7-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64" }, "product_reference": "freetype2-devel-2.7-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.7-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le" }, "product_reference": "freetype2-devel-2.7-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.7-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x" }, "product_reference": "freetype2-devel-2.7-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-2.7-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64" }, "product_reference": "freetype2-devel-2.7-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.7-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64" }, "product_reference": 
"freetype2-devel-32bit-2.7-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.7-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le" }, "product_reference": "freetype2-devel-32bit-2.7-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.7-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x" }, "product_reference": "freetype2-devel-32bit-2.7-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "freetype2-devel-32bit-2.7-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64" }, "product_reference": "freetype2-devel-32bit-2.7-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.7-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64" }, "product_reference": "libfreetype6-2.7-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.7-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le" }, "product_reference": "libfreetype6-2.7-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.7-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x" }, "product_reference": "libfreetype6-2.7-1.1.s390x", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-2.7-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64" }, "product_reference": "libfreetype6-2.7-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.7-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64" }, "product_reference": "libfreetype6-32bit-2.7-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.7-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le" }, "product_reference": "libfreetype6-32bit-2.7-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.7-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x" }, "product_reference": "libfreetype6-32bit-2.7-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libfreetype6-32bit-2.7-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" }, "product_reference": "libfreetype6-32bit-2.7-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0946", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-0946" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code 
via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-0946", "url": "https://www.suse.com/security/cve/CVE-2009-0946" }, { "category": "external", "summary": "SUSE Bug 485889 for CVE-2009-0946", "url": "https://bugzilla.suse.com/485889" }, { "category": "external", "summary": "SUSE Bug 496289 for CVE-2009-0946", "url": "https://bugzilla.suse.com/496289" }, { "category": "external", "summary": "SUSE Bug 541626 for CVE-2009-0946", "url": "https://bugzilla.suse.com/541626" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2009-0946" }, { "cve": "CVE-2010-2497", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-2497" } ], "notes": [ { "category": "general", "text": "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-2497", "url": "https://www.suse.com/security/cve/CVE-2010-2497" }, { "category": "external", "summary": "SUSE Bug 619562 for CVE-2010-2497", "url": "https://bugzilla.suse.com/619562" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-2497", "url": "https://bugzilla.suse.com/635692" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-2497" }, { "cve": "CVE-2010-2805", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-2805" } ], "notes": [ { "category": "general", "text": 
"The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-2805", "url": "https://www.suse.com/security/cve/CVE-2010-2805" }, { "category": "external", "summary": "SUSE Bug 629447 for CVE-2010-2805", "url": "https://bugzilla.suse.com/629447" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-2805", "url": "https://bugzilla.suse.com/635692" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-2805" }, { "cve": "CVE-2010-3053", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3053" } ], "notes": [ { "category": "general", "text": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3053", "url": "https://www.suse.com/security/cve/CVE-2010-3053" }, { "category": "external", "summary": "SUSE Bug 633938 for CVE-2010-3053", "url": "https://bugzilla.suse.com/633938" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3053", "url": "https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3053", "url": "https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3053" }, { "cve": "CVE-2010-3054", "ids": [ { "system_name": "SUSE 
CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3054" } ], "notes": [ { "category": "general", "text": "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3054", "url": "https://www.suse.com/security/cve/CVE-2010-3054" }, { "category": "external", "summary": "SUSE Bug 633943 for CVE-2010-3054", "url": "https://bugzilla.suse.com/633943" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3054", "url": "https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3054", "url": "https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like 
YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3054" }, { "cve": "CVE-2010-3311", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3311" } ], "notes": [ { "category": "general", "text": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3311", "url": "https://www.suse.com/security/cve/CVE-2010-3311" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3311", "url": "https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 641580 for CVE-2010-3311", "url": "https://bugzilla.suse.com/641580" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3311", "url": "https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2010-3311" }, { "cve": "CVE-2010-3814", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3814" } ], "notes": [ { "category": "general", "text": "Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3814", "url": "https://www.suse.com/security/cve/CVE-2010-3814" 
}, { "category": "external", "summary": "SUSE Bug 647375 for CVE-2010-3814", "url": "https://bugzilla.suse.com/647375" }, { "category": "external", "summary": "SUSE Bug 689174 for CVE-2010-3814", "url": "https://bugzilla.suse.com/689174" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3814" }, { "cve": "CVE-2010-3855", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3855" } ], "notes": [ { "category": "general", "text": "Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3855", "url": "https://www.suse.com/security/cve/CVE-2010-3855" }, { "category": "external", "summary": "SUSE Bug 647375 for CVE-2010-3855", "url": "https://bugzilla.suse.com/647375" }, { "category": "external", "summary": "SUSE Bug 689174 for CVE-2010-3855", "url": "https://bugzilla.suse.com/689174" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3855" }, { "cve": "CVE-2011-0226", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2011-0226" } ], "notes": [ { "category": "general", "text": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2011-0226", "url": "https://www.suse.com/security/cve/CVE-2011-0226" }, { "category": "external", "summary": "SUSE Bug 704612 for CVE-2011-0226", "url": "https://bugzilla.suse.com/704612" }, { "category": "external", "summary": "SUSE Bug 728044 for CVE-2011-0226", "url": "https://bugzilla.suse.com/728044" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2011-0226" }, { "cve": "CVE-2011-3256", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2011-3256" } ], "notes": [ { "category": "general", "text": "FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute 
arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2011-3256", "url": "https://www.suse.com/security/cve/CVE-2011-3256" }, { "category": "external", "summary": "SUSE Bug 728044 for CVE-2011-3256", "url": "https://bugzilla.suse.com/728044" }, { "category": "external", "summary": "SUSE Bug 730124 for CVE-2011-3256", "url": "https://bugzilla.suse.com/730124" }, { "category": "external", "summary": "SUSE Bug 748083 for CVE-2011-3256", "url": "https://bugzilla.suse.com/748083" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2011-3256" }, { "cve": "CVE-2011-3439", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2011-3439" } ], "notes": [ { "category": "general", "text": "FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2011-3439", "url": "https://www.suse.com/security/cve/CVE-2011-3439" }, { "category": "external", "summary": "SUSE Bug 730124 for CVE-2011-3439", "url": "https://bugzilla.suse.com/730124" }, { "category": "external", "summary": "SUSE Bug 748083 for CVE-2011-3439", "url": "https://bugzilla.suse.com/748083" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2011-3439" }, { "cve": "CVE-2012-1126", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1126" } ], "notes": [ { "category": "general", "text": 
"FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1126", "url": "https://www.suse.com/security/cve/CVE-2012-1126" }, { "category": "external", "summary": "SUSE Bug 750937 for CVE-2012-1126", "url": "https://bugzilla.suse.com/750937" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1126" }, { "cve": "CVE-2012-1127", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1127" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1127", "url": "https://www.suse.com/security/cve/CVE-2012-1127" }, { "category": "external", "summary": "SUSE Bug 750947 for CVE-2012-1127", "url": "https://bugzilla.suse.com/750947" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1127" }, { "cve": "CVE-2012-1128", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1128" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and 
memory corruption) or possibly execute arbitrary code via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1128", "url": "https://www.suse.com/security/cve/CVE-2012-1128" }, { "category": "external", "summary": "SUSE Bug 750942 for CVE-2012-1128", "url": "https://bugzilla.suse.com/750942" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1128" }, { "cve": "CVE-2012-1129", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1129" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { 
"category": "external", "summary": "CVE-2012-1129", "url": "https://www.suse.com/security/cve/CVE-2012-1129" }, { "category": "external", "summary": "SUSE Bug 750952 for CVE-2012-1129", "url": "https://bugzilla.suse.com/750952" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1129" }, { "cve": "CVE-2012-1130", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1130" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1130", "url": "https://www.suse.com/security/cve/CVE-2012-1130" }, { "category": "external", "summary": "SUSE Bug 750951 for CVE-2012-1130", "url": "https://bugzilla.suse.com/750951" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1130" }, { "cve": "CVE-2012-1131", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1131" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1131", "url": "https://www.suse.com/security/cve/CVE-2012-1131" }, { "category": "external", 
"summary": "SUSE Bug 750953 for CVE-2012-1131", "url": "https://bugzilla.suse.com/750953" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1131" }, { "cve": "CVE-2012-1132", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1132" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1132", "url": "https://www.suse.com/security/cve/CVE-2012-1132" }, { "category": "external", "summary": "SUSE Bug 750950 for CVE-2012-1132", "url": "https://bugzilla.suse.com/750950" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1132" }, { "cve": "CVE-2012-1133", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1133" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1133", "url": "https://www.suse.com/security/cve/CVE-2012-1133" }, { "category": "external", "summary": "SUSE Bug 750940 for CVE-2012-1133", "url": "https://bugzilla.suse.com/750940" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1133" }, { "cve": "CVE-2012-1134", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1134" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1134", "url": "https://www.suse.com/security/cve/CVE-2012-1134" }, { "category": "external", "summary": "SUSE Bug 750945 for CVE-2012-1134", "url": "https://bugzilla.suse.com/750945" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1134" }, { "cve": "CVE-2012-1135", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1135" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1135", "url": "https://www.suse.com/security/cve/CVE-2012-1135" }, { "category": "external", "summary": "SUSE Bug 750946 for CVE-2012-1135", "url": "https://bugzilla.suse.com/750946" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended 
installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1135" }, { "cve": "CVE-2012-1136", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1136" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1136", "url": "https://www.suse.com/security/cve/CVE-2012-1136" }, { "category": "external", "summary": "SUSE Bug 750939 for CVE-2012-1136", "url": "https://bugzilla.suse.com/750939" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": 
"impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1136" }, { "cve": "CVE-2012-1137", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1137" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1137", "url": "https://www.suse.com/security/cve/CVE-2012-1137" }, { "category": "external", "summary": "SUSE Bug 750943 for CVE-2012-1137", "url": "https://bugzilla.suse.com/750943" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1137" }, { "cve": "CVE-2012-1138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1138" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1138", "url": "https://www.suse.com/security/cve/CVE-2012-1138" }, { "category": "external", "summary": "SUSE Bug 750941 for CVE-2012-1138", "url": "https://bugzilla.suse.com/750941" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1138" }, { "cve": "CVE-2012-1139", 
"ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1139" } ], "notes": [ { "category": "general", "text": "Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1139", "url": "https://www.suse.com/security/cve/CVE-2012-1139" }, { "category": "external", "summary": "SUSE Bug 750938 for CVE-2012-1139", "url": "https://bugzilla.suse.com/750938" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1139" }, { "cve": "CVE-2012-1140", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1140" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1140", "url": "https://www.suse.com/security/cve/CVE-2012-1140" }, { "category": "external", "summary": "SUSE Bug 750954 for CVE-2012-1140", "url": "https://bugzilla.suse.com/750954" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1140" }, { "cve": "CVE-2012-1141", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1141" } ], "notes": [ { "category": "general", "text": "FreeType before 
2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1141", "url": "https://www.suse.com/security/cve/CVE-2012-1141" }, { "category": "external", "summary": "SUSE Bug 750955 for CVE-2012-1141", "url": "https://bugzilla.suse.com/750955" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1141" }, { "cve": "CVE-2012-1142", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1142" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1142", "url": "https://www.suse.com/security/cve/CVE-2012-1142" }, { "category": "external", "summary": "SUSE Bug 750948 for CVE-2012-1142", "url": "https://bugzilla.suse.com/750948" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1142" }, { "cve": "CVE-2012-1143", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1143" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a 
crafted font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1143", "url": "https://www.suse.com/security/cve/CVE-2012-1143" }, { "category": "external", "summary": "SUSE Bug 750949 for CVE-2012-1143", "url": "https://bugzilla.suse.com/750949" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-1143" }, { "cve": "CVE-2012-1144", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-1144" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-1144", "url": 
"https://www.suse.com/security/cve/CVE-2012-1144" }, { "category": "external", "summary": "SUSE Bug 750944 for CVE-2012-1144", "url": "https://bugzilla.suse.com/750944" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2012-1144" }, { "cve": "CVE-2012-5668", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5668" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5668", "url": "https://www.suse.com/security/cve/CVE-2012-5668" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5668", "url": "https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5668" }, { "cve": "CVE-2012-5669", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5669" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5669", "url": "https://www.suse.com/security/cve/CVE-2012-5669" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5669", "url": 
"https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5669" }, { "cve": "CVE-2012-5670", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5670" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5670", "url": "https://www.suse.com/security/cve/CVE-2012-5670" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5670", "url": "https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5670" }, { "cve": "CVE-2014-2240", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-2240" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-2240", "url": "https://www.suse.com/security/cve/CVE-2014-2240" }, { "category": "external", "summary": "SUSE Bug 867620 for CVE-2014-2240", "url": "https://bugzilla.suse.com/867620" }, { "category": "external", "summary": "SUSE Bug 916867 for CVE-2014-2240", "url": "https://bugzilla.suse.com/916867" } ], "remediations": [ { "category": "vendor_fix", "details": 
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-2240" }, { "cve": "CVE-2014-2241", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-2241" } ], "notes": [ { "category": "general", "text": "The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-2241", "url": "https://www.suse.com/security/cve/CVE-2014-2241" }, { "category": "external", "summary": "SUSE Bug 867620 for CVE-2014-2241", "url": "https://bugzilla.suse.com/867620" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": 
"impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-2241" }, { "cve": "CVE-2014-9656", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9656" } ], "notes": [ { "category": "general", "text": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9656", "url": "https://www.suse.com/security/cve/CVE-2014-9656" }, { "category": "external", "summary": "SUSE Bug 916847 for CVE-2014-9656", "url": "https://bugzilla.suse.com/916847" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9656" }, { "cve": "CVE-2014-9657", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9657" } ], "notes": [ { "category": "general", "text": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9657", "url": "https://www.suse.com/security/cve/CVE-2014-9657" }, { "category": "external", "summary": "SUSE Bug 916856 for CVE-2014-9657", "url": "https://bugzilla.suse.com/916856" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9657" }, { "cve": "CVE-2014-9658", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2014-9658" } ], "notes": [ { "category": "general", "text": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9658", "url": "https://www.suse.com/security/cve/CVE-2014-9658" }, { "category": "external", "summary": "SUSE Bug 916857 for CVE-2014-9658", "url": "https://bugzilla.suse.com/916857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9658" }, { "cve": "CVE-2014-9659", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9659" } ], "notes": [ { "category": "general", "text": "cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9659", "url": "https://www.suse.com/security/cve/CVE-2014-9659" }, { "category": "external", "summary": "SUSE Bug 916867 for CVE-2014-9659", "url": "https://bugzilla.suse.com/916867" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9659" }, { "cve": "CVE-2014-9660", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9660" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { 
"category": "external", "summary": "CVE-2014-9660", "url": "https://www.suse.com/security/cve/CVE-2014-9660" }, { "category": "external", "summary": "SUSE Bug 916858 for CVE-2014-9660", "url": "https://bugzilla.suse.com/916858" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9660" }, { "cve": "CVE-2014-9661", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9661" } ], "notes": [ { "category": "general", "text": "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9661", "url": "https://www.suse.com/security/cve/CVE-2014-9661" }, { "category": "external", "summary": "SUSE Bug 916859 for CVE-2014-9661", "url": "https://bugzilla.suse.com/916859" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9661" }, { "cve": "CVE-2014-9662", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9662" } ], "notes": [ { "category": "general", "text": "cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9662", "url": "https://www.suse.com/security/cve/CVE-2014-9662" }, { "category": "external", "summary": "SUSE Bug 916860 for 
CVE-2014-9662", "url": "https://bugzilla.suse.com/916860" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9662" }, { "cve": "CVE-2014-9663", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9663" } ], "notes": [ { "category": "general", "text": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field\u0027s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9663", "url": "https://www.suse.com/security/cve/CVE-2014-9663" }, { "category": "external", "summary": "SUSE Bug 916865 for CVE-2014-9663", "url": "https://bugzilla.suse.com/916865" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9663" }, { "cve": "CVE-2014-9664", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9664" } ], "notes": [ { "category": "general", "text": "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9664", "url": "https://www.suse.com/security/cve/CVE-2014-9664" }, { "category": "external", "summary": "SUSE Bug 916864 for CVE-2014-9664", "url": "https://bugzilla.suse.com/916864" } ], "remediations": [ { 
"category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9664" }, { "cve": "CVE-2014-9665", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9665" } ], "notes": [ { "category": "general", "text": "The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file in a .ttf font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", 
"openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9665", "url": "https://www.suse.com/security/cve/CVE-2014-9665" }, { "category": "external", "summary": "SUSE Bug 916863 for CVE-2014-9665", "url": "https://bugzilla.suse.com/916863" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9665" }, { "cve": "CVE-2014-9666", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9666" } ], "notes": [ { "category": "general", "text": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9666", "url": "https://www.suse.com/security/cve/CVE-2014-9666" }, { "category": "external", "summary": "SUSE Bug 916862 for CVE-2014-9666", "url": "https://bugzilla.suse.com/916862" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use 
the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9666" }, { "cve": "CVE-2014-9667", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9667" } ], "notes": [ { "category": "general", "text": "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", 
"openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9667", "url": "https://www.suse.com/security/cve/CVE-2014-9667" }, { "category": "external", "summary": "SUSE Bug 916861 for CVE-2014-9667", "url": "https://bugzilla.suse.com/916861" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": 
"moderate" } ], "title": "CVE-2014-9667" }, { "cve": "CVE-2014-9668", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9668" } ], "notes": [ { "category": "general", "text": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9668", "url": "https://www.suse.com/security/cve/CVE-2014-9668" }, { "category": "external", "summary": "SUSE Bug 916868 for CVE-2014-9668", "url": "https://bugzilla.suse.com/916868" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ 
"openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9668" }, { "cve": "CVE-2014-9669", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9669" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9669", "url": "https://www.suse.com/security/cve/CVE-2014-9669" }, { "category": "external", "summary": "SUSE Bug 916870 for CVE-2014-9669", "url": "https://bugzilla.suse.com/916870" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9669" }, { "cve": "CVE-2014-9670", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2014-9670" } ], "notes": [ { "category": "general", "text": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9670", "url": "https://www.suse.com/security/cve/CVE-2014-9670" }, { "category": "external", "summary": "SUSE Bug 916871 for CVE-2014-9670", "url": "https://bugzilla.suse.com/916871" }, { "category": "external", "summary": "SUSE Bug 933247 for CVE-2014-9670", "url": "https://bugzilla.suse.com/933247" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9670" }, { "cve": "CVE-2014-9671", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9671" } ], "notes": [ { "category": "general", "text": "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", 
"openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9671", "url": "https://www.suse.com/security/cve/CVE-2014-9671" }, { "category": "external", "summary": "SUSE Bug 916872 for CVE-2014-9671", "url": "https://bugzilla.suse.com/916872" }, { "category": "external", "summary": "SUSE Bug 933247 for CVE-2014-9671", "url": "https://bugzilla.suse.com/933247" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": 
"moderate" } ], "title": "CVE-2014-9671" }, { "cve": "CVE-2014-9672", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9672" } ], "notes": [ { "category": "general", "text": "Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9672", "url": "https://www.suse.com/security/cve/CVE-2014-9672" }, { "category": "external", "summary": "SUSE Bug 916873 for CVE-2014-9672", "url": "https://bugzilla.suse.com/916873" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9672" }, { "cve": "CVE-2014-9673", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9673" } ], "notes": [ { "category": "general", "text": "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9673", "url": "https://www.suse.com/security/cve/CVE-2014-9673" }, { "category": "external", "summary": "SUSE Bug 916874 for CVE-2014-9673", "url": "https://bugzilla.suse.com/916874" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9673" }, { "cve": "CVE-2014-9674", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9674" } ], "notes": [ 
{ "category": "general", "text": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9674", "url": "https://www.suse.com/security/cve/CVE-2014-9674" }, { "category": "external", "summary": "SUSE Bug 916879 for CVE-2014-9674", "url": "https://bugzilla.suse.com/916879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE 
Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9674" }, { "cve": "CVE-2014-9675", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9675" } ], "notes": [ { "category": "general", "text": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE 
Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9675", "url": "https://www.suse.com/security/cve/CVE-2014-9675" }, { "category": "external", "summary": "SUSE Bug 916881 for CVE-2014-9675", "url": "https://bugzilla.suse.com/916881" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-2.7-1.1.x86_64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:freetype2-devel-32bit-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-2.7-1.1.x86_64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.aarch64", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.ppc64le", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.s390x", "openSUSE Tumbleweed:libfreetype6-32bit-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9675" } ] }
opensuse-su-2024:10172-1
Vulnerability from csaf_opensuse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "ft2demos-2.7-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the ft2demos-2.7-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10172", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10172-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-0946 page", "url": "https://www.suse.com/security/cve/CVE-2009-0946/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-2497 page", "url": "https://www.suse.com/security/cve/CVE-2010-2497/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-2805 page", "url": "https://www.suse.com/security/cve/CVE-2010-2805/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3053 page", "url": "https://www.suse.com/security/cve/CVE-2010-3053/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3054 page", "url": "https://www.suse.com/security/cve/CVE-2010-3054/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2010-3311 page", "url": "https://www.suse.com/security/cve/CVE-2010-3311/" }, { "category": "self", "summary": "SUSE CVE CVE-2010-3814 page", "url": "https://www.suse.com/security/cve/CVE-2010-3814/" }, { "category": "self", "summary": "SUSE CVE CVE-2011-0226 page", "url": "https://www.suse.com/security/cve/CVE-2011-0226/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5668 page", "url": "https://www.suse.com/security/cve/CVE-2012-5668/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5669 page", "url": "https://www.suse.com/security/cve/CVE-2012-5669/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-5670 page", "url": "https://www.suse.com/security/cve/CVE-2012-5670/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-2240 page", "url": "https://www.suse.com/security/cve/CVE-2014-2240/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9656 page", "url": "https://www.suse.com/security/cve/CVE-2014-9656/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9657 page", "url": "https://www.suse.com/security/cve/CVE-2014-9657/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9658 page", "url": "https://www.suse.com/security/cve/CVE-2014-9658/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9659 page", "url": "https://www.suse.com/security/cve/CVE-2014-9659/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9660 page", "url": "https://www.suse.com/security/cve/CVE-2014-9660/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9661 page", "url": "https://www.suse.com/security/cve/CVE-2014-9661/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9662 page", "url": "https://www.suse.com/security/cve/CVE-2014-9662/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9663 page", "url": "https://www.suse.com/security/cve/CVE-2014-9663/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9664 page", "url": "https://www.suse.com/security/cve/CVE-2014-9664/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2014-9665 page", "url": "https://www.suse.com/security/cve/CVE-2014-9665/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9666 page", "url": "https://www.suse.com/security/cve/CVE-2014-9666/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9667 page", "url": "https://www.suse.com/security/cve/CVE-2014-9667/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9668 page", "url": "https://www.suse.com/security/cve/CVE-2014-9668/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9669 page", "url": "https://www.suse.com/security/cve/CVE-2014-9669/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9670 page", "url": "https://www.suse.com/security/cve/CVE-2014-9670/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9671 page", "url": "https://www.suse.com/security/cve/CVE-2014-9671/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9672 page", "url": "https://www.suse.com/security/cve/CVE-2014-9672/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9673 page", "url": "https://www.suse.com/security/cve/CVE-2014-9673/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9674 page", "url": "https://www.suse.com/security/cve/CVE-2014-9674/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-9675 page", "url": "https://www.suse.com/security/cve/CVE-2014-9675/" } ], "title": "ft2demos-2.7-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10172-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "ft2demos-2.7-1.1.aarch64", "product": { "name": 
"ft2demos-2.7-1.1.aarch64", "product_id": "ft2demos-2.7-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "ft2demos-2.7-1.1.ppc64le", "product": { "name": "ft2demos-2.7-1.1.ppc64le", "product_id": "ft2demos-2.7-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "ft2demos-2.7-1.1.s390x", "product": { "name": "ft2demos-2.7-1.1.s390x", "product_id": "ft2demos-2.7-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ft2demos-2.7-1.1.x86_64", "product": { "name": "ft2demos-2.7-1.1.x86_64", "product_id": "ft2demos-2.7-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ft2demos-2.7-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64" }, "product_reference": "ft2demos-2.7-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ft2demos-2.7-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le" }, "product_reference": "ft2demos-2.7-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ft2demos-2.7-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x" }, "product_reference": 
"ft2demos-2.7-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "ft2demos-2.7-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" }, "product_reference": "ft2demos-2.7-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0946", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-0946" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-0946", "url": "https://www.suse.com/security/cve/CVE-2009-0946" }, { "category": "external", "summary": "SUSE Bug 485889 for CVE-2009-0946", "url": "https://bugzilla.suse.com/485889" }, { "category": "external", "summary": "SUSE Bug 496289 for CVE-2009-0946", "url": "https://bugzilla.suse.com/496289" }, { "category": "external", "summary": "SUSE Bug 541626 for CVE-2009-0946", "url": "https://bugzilla.suse.com/541626" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": 
"impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2009-0946" }, { "cve": "CVE-2010-2497", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-2497" } ], "notes": [ { "category": "general", "text": "Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-2497", "url": "https://www.suse.com/security/cve/CVE-2010-2497" }, { "category": "external", "summary": "SUSE Bug 619562 for CVE-2010-2497", "url": "https://bugzilla.suse.com/619562" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-2497", "url": "https://bugzilla.suse.com/635692" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-2497" }, { "cve": "CVE-2010-2805", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-2805" } ], "notes": [ { "category": "general", "text": "The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service 
(application crash) or possibly execute arbitrary code via a crafted font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-2805", "url": "https://www.suse.com/security/cve/CVE-2010-2805" }, { "category": "external", "summary": "SUSE Bug 629447 for CVE-2010-2805", "url": "https://bugzilla.suse.com/629447" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-2805", "url": "https://bugzilla.suse.com/635692" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-2805" }, { "cve": "CVE-2010-3053", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3053" } ], "notes": [ { "category": "general", "text": "bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3053", "url": 
"https://www.suse.com/security/cve/CVE-2010-3053" }, { "category": "external", "summary": "SUSE Bug 633938 for CVE-2010-3053", "url": "https://bugzilla.suse.com/633938" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3053", "url": "https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3053", "url": "https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3053" }, { "cve": "CVE-2010-3054", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3054" } ], "notes": [ { "category": "general", "text": "Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character (aka seac) calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3054", "url": "https://www.suse.com/security/cve/CVE-2010-3054" }, { "category": "external", "summary": "SUSE Bug 633943 for CVE-2010-3054", "url": "https://bugzilla.suse.com/633943" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3054", "url": 
"https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3054", "url": "https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3054" }, { "cve": "CVE-2010-3311", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3311" } ], "notes": [ { "category": "general", "text": "Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an \"input stream position error\" issue, a different vulnerability than CVE-2010-1797.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3311", "url": "https://www.suse.com/security/cve/CVE-2010-3311" }, { "category": "external", "summary": "SUSE Bug 635692 for CVE-2010-3311", "url": "https://bugzilla.suse.com/635692" }, { "category": "external", "summary": "SUSE Bug 641580 for CVE-2010-3311", "url": "https://bugzilla.suse.com/641580" }, { "category": "external", "summary": "SUSE Bug 645982 for CVE-2010-3311", "url": 
"https://bugzilla.suse.com/645982" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2010-3311" }, { "cve": "CVE-2010-3814", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2010-3814" } ], "notes": [ { "category": "general", "text": "Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2010-3814", "url": "https://www.suse.com/security/cve/CVE-2010-3814" }, { "category": "external", "summary": "SUSE Bug 647375 for CVE-2010-3814", "url": "https://bugzilla.suse.com/647375" }, { "category": "external", "summary": "SUSE Bug 689174 for CVE-2010-3814", "url": "https://bugzilla.suse.com/689174" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2010-3814" }, { "cve": "CVE-2011-0226", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2011-0226" } ], "notes": [ { "category": "general", "text": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2011-0226", "url": "https://www.suse.com/security/cve/CVE-2011-0226" }, { "category": "external", "summary": "SUSE Bug 704612 for CVE-2011-0226", "url": "https://bugzilla.suse.com/704612" }, { "category": "external", "summary": "SUSE Bug 728044 for CVE-2011-0226", "url": "https://bugzilla.suse.com/728044" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "critical" } ], "title": "CVE-2011-0226" }, { "cve": "CVE-2012-5668", "ids": 
[ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5668" } ], "notes": [ { "category": "general", "text": "FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an \"allocation error\" in the bdf_free_font function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5668", "url": "https://www.suse.com/security/cve/CVE-2012-5668" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5668", "url": "https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5668" }, { "cve": "CVE-2012-5669", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5669" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE 
Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5669", "url": "https://www.suse.com/security/cve/CVE-2012-5669" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5669", "url": "https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5669" }, { "cve": "CVE-2012-5670", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-5670" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-5670", "url": "https://www.suse.com/security/cve/CVE-2012-5670" }, { "category": "external", "summary": "SUSE Bug 795826 for CVE-2012-5670", "url": "https://bugzilla.suse.com/795826" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update 
or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-5670" }, { "cve": "CVE-2014-2240", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-2240" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-2240", "url": "https://www.suse.com/security/cve/CVE-2014-2240" }, { "category": "external", "summary": "SUSE Bug 867620 for CVE-2014-2240", "url": "https://bugzilla.suse.com/867620" }, { "category": "external", "summary": "SUSE Bug 916867 for CVE-2014-2240", "url": "https://bugzilla.suse.com/916867" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2014-2240" }, { "cve": "CVE-2014-9656", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9656" } ], "notes": [ { "category": "general", "text": "The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9656", "url": "https://www.suse.com/security/cve/CVE-2014-9656" }, { "category": "external", "summary": "SUSE Bug 916847 for CVE-2014-9656", "url": "https://bugzilla.suse.com/916847" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9656" }, { "cve": "CVE-2014-9657", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9657" } ], "notes": [ { "category": "general", "text": "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE 
Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9657", "url": "https://www.suse.com/security/cve/CVE-2014-9657" }, { "category": "external", "summary": "SUSE Bug 916856 for CVE-2014-9657", "url": "https://bugzilla.suse.com/916856" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9657" }, { "cve": "CVE-2014-9658", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9658" } ], "notes": [ { "category": "general", "text": "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9658", "url": "https://www.suse.com/security/cve/CVE-2014-9658" }, { "category": "external", "summary": "SUSE Bug 916857 for CVE-2014-9658", "url": "https://bugzilla.suse.com/916857" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9658" }, { "cve": "CVE-2014-9659", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9659" } ], "notes": [ { "category": "general", "text": "cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9659", "url": "https://www.suse.com/security/cve/CVE-2014-9659" }, { "category": "external", "summary": "SUSE Bug 916867 for CVE-2014-9659", "url": "https://bugzilla.suse.com/916867" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" 
} ], "title": "CVE-2014-9659" }, { "cve": "CVE-2014-9660", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9660" } ], "notes": [ { "category": "general", "text": "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9660", "url": "https://www.suse.com/security/cve/CVE-2014-9660" }, { "category": "external", "summary": "SUSE Bug 916858 for CVE-2014-9660", "url": "https://bugzilla.suse.com/916858" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9660" }, { "cve": "CVE-2014-9661", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9661" } ], "notes": [ { "category": "general", "text": "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.", "title": "CVE description" 
} ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9661", "url": "https://www.suse.com/security/cve/CVE-2014-9661" }, { "category": "external", "summary": "SUSE Bug 916859 for CVE-2014-9661", "url": "https://bugzilla.suse.com/916859" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9661" }, { "cve": "CVE-2014-9662", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9662" } ], "notes": [ { "category": "general", "text": "cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted OTF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9662", "url": "https://www.suse.com/security/cve/CVE-2014-9662" }, { "category": "external", "summary": "SUSE Bug 916860 for CVE-2014-9662", "url": "https://bugzilla.suse.com/916860" } ], "remediations": [ { "category": 
"vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9662" }, { "cve": "CVE-2014-9663", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9663" } ], "notes": [ { "category": "general", "text": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field\u0027s value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9663", "url": "https://www.suse.com/security/cve/CVE-2014-9663" }, { "category": "external", "summary": "SUSE Bug 916865 for CVE-2014-9663", "url": "https://bugzilla.suse.com/916865" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], 
"title": "CVE-2014-9663" }, { "cve": "CVE-2014-9664", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9664" } ], "notes": [ { "category": "general", "text": "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9664", "url": "https://www.suse.com/security/cve/CVE-2014-9664" }, { "category": "external", "summary": "SUSE Bug 916864 for CVE-2014-9664", "url": "https://bugzilla.suse.com/916864" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9664" }, { "cve": "CVE-2014-9665", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9665" } ], "notes": [ { "category": "general", "text": "The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by 
embedding a PNG file in a .ttf font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9665", "url": "https://www.suse.com/security/cve/CVE-2014-9665" }, { "category": "external", "summary": "SUSE Bug 916863 for CVE-2014-9665", "url": "https://bugzilla.suse.com/916863" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9665" }, { "cve": "CVE-2014-9666", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9666" } ], "notes": [ { "category": "general", "text": "The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9666", "url": "https://www.suse.com/security/cve/CVE-2014-9666" }, { "category": 
"external", "summary": "SUSE Bug 916862 for CVE-2014-9666", "url": "https://bugzilla.suse.com/916862" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9666" }, { "cve": "CVE-2014-9667", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9667" } ], "notes": [ { "category": "general", "text": "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9667", "url": "https://www.suse.com/security/cve/CVE-2014-9667" }, { "category": "external", "summary": "SUSE Bug 916861 for CVE-2014-9667", "url": "https://bugzilla.suse.com/916861" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE 
Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9667" }, { "cve": "CVE-2014-9668", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9668" } ], "notes": [ { "category": "general", "text": "The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Web Open Font Format (WOFF) file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9668", "url": "https://www.suse.com/security/cve/CVE-2014-9668" }, { "category": "external", "summary": "SUSE Bug 916868 for CVE-2014-9668", "url": "https://bugzilla.suse.com/916868" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9668" }, { "cve": "CVE-2014-9669", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9669" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers 
to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9669", "url": "https://www.suse.com/security/cve/CVE-2014-9669" }, { "category": "external", "summary": "SUSE Bug 916870 for CVE-2014-9669", "url": "https://bugzilla.suse.com/916870" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9669" }, { "cve": "CVE-2014-9670", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9670" } ], "notes": [ { "category": "general", "text": "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": 
"CVE-2014-9670", "url": "https://www.suse.com/security/cve/CVE-2014-9670" }, { "category": "external", "summary": "SUSE Bug 916871 for CVE-2014-9670", "url": "https://bugzilla.suse.com/916871" }, { "category": "external", "summary": "SUSE Bug 933247 for CVE-2014-9670", "url": "https://bugzilla.suse.com/933247" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9670" }, { "cve": "CVE-2014-9671", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9671" } ], "notes": [ { "category": "general", "text": "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9671", "url": "https://www.suse.com/security/cve/CVE-2014-9671" }, { "category": "external", "summary": "SUSE Bug 916872 for CVE-2014-9671", "url": "https://bugzilla.suse.com/916872" }, { "category": "external", "summary": "SUSE Bug 933247 for CVE-2014-9671", "url": "https://bugzilla.suse.com/933247" } ], "remediations": [ { "category": "vendor_fix", "details": "To 
install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9671" }, { "cve": "CVE-2014-9672", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9672" } ], "notes": [ { "category": "general", "text": "Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9672", "url": "https://www.suse.com/security/cve/CVE-2014-9672" }, { "category": "external", "summary": "SUSE Bug 916873 for CVE-2014-9672", "url": "https://bugzilla.suse.com/916873" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9672" }, { "cve": "CVE-2014-9673", "ids": [ { "system_name": 
"SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9673" } ], "notes": [ { "category": "general", "text": "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9673", "url": "https://www.suse.com/security/cve/CVE-2014-9673" }, { "category": "external", "summary": "SUSE Bug 916874 for CVE-2014-9673", "url": "https://bugzilla.suse.com/916874" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9673" }, { "cve": "CVE-2014-9674", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9674" } ], "notes": [ { "category": "general", "text": "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.", "title": "CVE description" } ], "product_status": { "recommended": [ 
"openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9674", "url": "https://www.suse.com/security/cve/CVE-2014-9674" }, { "category": "external", "summary": "SUSE Bug 916879 for CVE-2014-9674", "url": "https://bugzilla.suse.com/916879" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9674" }, { "cve": "CVE-2014-9675", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-9675" } ], "notes": [ { "category": "general", "text": "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-9675", "url": "https://www.suse.com/security/cve/CVE-2014-9675" }, { "category": "external", "summary": "SUSE Bug 916881 for CVE-2014-9675", "url": "https://bugzilla.suse.com/916881" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security 
Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:ft2demos-2.7-1.1.aarch64", "openSUSE Tumbleweed:ft2demos-2.7-1.1.ppc64le", "openSUSE Tumbleweed:ft2demos-2.7-1.1.s390x", "openSUSE Tumbleweed:ft2demos-2.7-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-9675" } ] }
gsd-2011-0226
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2011-0226", "description": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "id": "GSD-2011-0226", "references": [ "https://www.suse.com/security/cve/CVE-2011-0226.html", "https://www.debian.org/security/2011/dsa-2294", "https://access.redhat.com/errata/RHSA-2011:1085", "https://linux.oracle.com/cve/CVE-2011-0226.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2011-0226" ], "details": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.", "id": "GSD-2011-0226", "modified": "2023-12-13T01:19:04.076965Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2011-0226", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to 
execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "45224", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45224" }, { "name": "http://support.apple.com/kb/HT4803", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4803" }, { "name": "APPLE-SA-2011-07-15-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" }, { "name": "openSUSE-SU-2011:0852", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "name": "48619", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48619" }, { "name": "[freetype-devel] 20110709 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "name": "APPLE-SA-2011-07-15-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" }, { "name": "45167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45167" }, { "name": "APPLE-SA-2011-10-12-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "RHSA-2011:1085", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-1085.html" }, { "name": "http://support.apple.com/kb/HT4802", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4802" }, { "name": "[freetype-devel] 20110708 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { "name": "SUSE-SU-2011:0853", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "name": "[freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "name": "DSA-2294", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2294" }, { "name": "http://support.apple.com/kb/HT5002", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT5002" }, { "name": "MDVSA-2011:120", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:120" }, { "name": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html", "refsource": "MISC", "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "name": "[freetype-devel] 20110708 details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "name": "[freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:freetype:freetype:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:freetype:freetype:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2011-0226" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial 
of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-189" } ] } ] }, "references": { "reference_data": [ { "name": "http://support.apple.com/kb/HT4802", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4802" }, { "name": "http://support.apple.com/kb/HT4803", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://support.apple.com/kb/HT4803" }, { "name": "APPLE-SA-2011-07-15-2", "refsource": "APPLE", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html" }, { "name": "48619", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/48619" }, { "name": "[freetype-devel] 20110709 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "tags": [], "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html" }, { "name": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html", "refsource": "MISC", "tags": [], "url": "http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html" }, { "name": "45167", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45167" }, { "name": "[freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "tags": [], "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html" }, { "name": "45224", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/45224" }, { "name": "APPLE-SA-2011-07-15-1", "refsource": "APPLE", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html" }, { 
"name": "[freetype-devel] 20110711 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "tags": [], "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html" }, { "name": "[freetype-devel] 20110708 Re: details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "tags": [], "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html" }, { "name": "[freetype-devel] 20110708 details on iPhone exploit caused by FreeType?", "refsource": "MLIST", "tags": [], "url": "http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html" }, { "name": "RHSA-2011:1085", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-1085.html" }, { "name": "DSA-2294", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2011/dsa-2294" }, { "name": "http://support.apple.com/kb/HT5002", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT5002" }, { "name": "APPLE-SA-2011-10-12-3", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "SUSE-SU-2011:0853", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html" }, { "name": "openSUSE-SU-2011:0852", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html" }, { "name": "MDVSA-2011:120", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:120" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, 
"obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true } }, "lastModifiedDate": "2011-10-26T02:56Z", "publishedDate": "2011-07-19T22:55Z" } } }
Sightings
Author | Source | Type | Date
---|---|---|---
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.