PT-2011-5221 · Freetype · Freetype2
Nirankush Panchbhai
Published: 1970-01-01 · Updated: 2024-06-15
CVE-2011-3256
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
freetype2 versions prior to 2.4.8
freetype2-devel versions prior to 2.4.8
freetype2-devel-32bit versions prior to 2.4.8
freetype2-devel-64bit versions prior to 2.4.8
freetype2-32bit versions prior to 2.4.8
freetype2-64bit versions prior to 2.4.8
Description
The issue concerns multiple vulnerabilities in the freetype2 package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via a crafted font.
Recommendations
For freetype2 versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel-32bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel-64bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-32bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-64bit versions prior to 2.4.8, update to version 2.4.8 or later.
Fix
DoS
RCE
Buffer Overflow
Code Injection
Related identifiers
Affected products
Red Hat
Suse
Freetype2