PT-2011-5221 · Freetype · Freetype2
Nirankush Panchbhai · Published 1970-01-01 · Updated 2024-06-15 · CVE-2011-3256
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
freetype2 versions prior to 2.4.8
freetype2-devel versions prior to 2.4.8
freetype2-devel-32bit versions prior to 2.4.8
freetype2-devel-64bit versions prior to 2.4.8
freetype2-32bit versions prior to 2.4.8
freetype2-64bit versions prior to 2.4.8
Description
The issue concerns multiple vulnerabilities in the freetype2 package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially allowing attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via a crafted font.
Recommendations
For freetype2 versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel-32bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-devel-64bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-32bit versions prior to 2.4.8, update to version 2.4.8 or later.
For freetype2-64bit versions prior to 2.4.8, update to version 2.4.8 or later.
Fix
DoS
RCE
Buffer Overflow
Code Injection
Related Identifiers
Affected Products
Red Hat
Suse
Freetype2