CVE-2011-0226

Name of the Vulnerable Software and Affected Versions freetype versions 2.3.11 through 2.4.7 freetype version 2.3.11

Description The issue is related to an integer signedness error in the t1decode.c file of the FreeType library, which can be exploited remotely. This error allows attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crashes. The exploitation can occur via a crafted Type 1 font in a PDF document. There have been instances of this issue being exploited in the wild.

Recommendations For freetype versions 2.3.11 through 2.4.7, update to version 2.4.8 or later to resolve the issue. For freetype version 2.3.11, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the t1decode.c function until a patch is available.