PT-2012-6337 · Freetype+3 · Freetype+3
Mateusz Jurczyk
·
Publicado
1970-01-01
·
Atualizado
2024-06-15
·
CVE-2012-1126
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FreeType versions prior to 2.4.9
freetype2-devel versions prior to 2.4.9
freetype2-devel-32bit versions prior to 2.4.9
libfreetype6 versions prior to 2.4.9
libfreetype6-32bit versions prior to 2.4.9
libfreetype6-debuginfo versions prior to 2.4.9
libfreetype6-debuginfo-32bit versions prior to 2.4.9
libfreetype6-debuginfo-x86 versions prior to 2.4.9
libfreetype6-x86 versions prior to 2.4.9
ft2demos versions prior to 2.4.9
Description
The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted property data in a BDF font, leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely.
Recommendations
For FreeType versions prior to 2.4.9, update to version 2.4.9 or later.
For freetype2-devel versions prior to 2.4.9, update to version 2.4.9 or later.
For freetype2-devel-32bit versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6 versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6-32bit versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6-debuginfo versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6-debuginfo-32bit versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6-debuginfo-x86 versions prior to 2.4.9, update to version 2.4.9 or later.
For libfreetype6-x86 versions prior to 2.4.9, update to version 2.4.9 or later.
For ft2demos versions prior to 2.4.9, update to version 2.4.9 or later.
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Freetype
Red Hat
Suse