CVE-2011-3439

Name of the Vulnerable Software and Affected Versions freetype versions prior to 2.4.8 freetype2-devel-32bit (affected versions not specified) freetype2-32bit (affected versions not specified) freetype2-devel (affected versions not specified) freetype2-devel-64bit (affected versions not specified) freetype2 (affected versions not specified) freetype2-64bit (affected versions not specified) Apple iOS versions prior to 5.0.1

Description The issue concerns multiple vulnerabilities in the freetype package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. In Apple iOS, the vulnerability in FreeType in CoreGraphics allows remote attackers to execute arbitrary code or cause a denial of service via a crafted font in a document.

Recommendations For freetype versions prior to 2.4.8, update to version 2.4.8 or later. For freetype2-devel-32bit, freetype2-32bit, freetype2-devel, freetype2-devel-64bit, freetype2, and freetype2-64bit, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Apple iOS versions prior to 5.0.1, update to version 5.0.1 or later.