CVE-2011-0226
Published: 19 July 2011
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Notes
Author | Note |
---|---|
mdeslaur | don't see issue with valgrind on 2.3.x, marking hardy and lucid as not-affected |
Priority
Status
Package | Release | Status |
---|---|---|
freetype | hardy | Not vulnerable (2.3.5-1ubuntu4.8.04.6) |
 | lucid | Not vulnerable (2.3.11-1ubuntu2.4) |
 | maverick | Released (2.4.2-2ubuntu0.2) |
 | natty | Released (2.4.4-1ubuntu2.1) |
 | upstream | Released (2.4.6) |

Patches
Source | Link |
---|---|
upstream | http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c46b1e2476cc1804c0dd25d463be3c99d58befd7 |
upstream | http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dc33b4a1555c184b83a402dfa1856b213e6b4fbd |
upstream | http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=60f8371353013e78ab0a789f49af90d64fe65f0d |
upstream | http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=143799d4a95e38eab1e49c761d3c6f116fd80349 |
vendor | https://rhn.redhat.com/errata/RHSA-2011-1085.html |