FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
BID:52318
Info
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
| Bugtraq ID: | 52318 |
| Class: | Unknown |
| CVE: |
CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 06 2012 12:00AM |
| Updated: | Apr 16 2015 05:49PM |
| Credit: | Mateusz Jurczyk of Google Security Team. |
| Vulnerable: |
Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE SUSE Linux Enterprise Server for VMware 11 SP1 SuSE SUSE Linux Enterprise Server 11 SP2 SuSE SUSE Linux Enterprise Server 11 SP1 SuSE SUSE Linux Enterprise Server 10 SP4 SuSE SUSE Linux Enterprise Server 10 SP3 LTSS SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise SDK 11 SP2 SuSE SUSE Linux Enterprise SDK 11 SP1 SuSE SUSE Linux Enterprise Desktop 11 SP2 SuSE SUSE Linux Enterprise Desktop 11 SP1 SuSE SUSE Linux Enterprise Desktop 10 SP4 SuSE openSUSE 12.1 SuSE openSUSE 11.4 Slackware Linux x86_64 -current Slackware Linux 13.37 x86_64 Slackware Linux 13.37 Slackware Linux 13.1 x86_64 Slackware Linux 13.1 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Oracle Enterprise Linux 5 Mozilla Firefox Mobile 10.0.3 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux FreeType FreeType 2.4.7 FreeType FreeType 2.4.5 FreeType FreeType 2.4.3 FreeType FreeType 2.4.2 FreeType FreeType 2.4 FreeType FreeType 2.3.9 FreeType FreeType 2.3.6 FreeType FreeType 2.3.5 FreeType FreeType 2.3.4 FreeType FreeType 2.3.3 FreeType FreeType 2.2.10 FreeType FreeType 2.2.1 FreeType FreeType 2.1.10 FreeType FreeType 2.1.9 FreeType FreeType 2.1.7 FreeType FreeType 2.0.9 FreeType FreeType 2.0.6 FreeType FreeType 1.3.1 FreeType FreeType 2.4.8 FreeType FreeType 2.3.11 FreeType FreeType 2.2 FreeType FreeType 0 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya IQ 5.2 Avaya IQ 5.1.1 Avaya IQ 5.1 Avaya IQ 5 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Platform 6.0.2 Avaya Aura System Platform 6.0.1 Avaya Aura System Platform 6.0 SP3 Avaya Aura System Platform 6.0 SP2 Avaya Aura System Platform 6.0 Avaya Aura System Platform 1.1 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Application Server 5300 SIP Core 2.1 Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 |
| Not Vulnerable: |
Mozilla Firefox Mobile 10.0.4 FreeType FreeType 2.4.9 |
Discussion
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
FreeType is prone to multiple heap-based buffer-overflow vulnerabilities, a stack-based buffer-overflow vulnerability, and a denial-of-service vulnerability.
Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
FreeType versions prior to 2.4.9 are vulnerable.
FreeType is prone to multiple heap-based buffer-overflow vulnerabilities, a stack-based buffer-overflow vulnerability, and a denial-of-service vulnerability.
Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
FreeType versions prior to 2.4.9 are vulnerable.
Exploit / POC
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
Mandriva Linux Mandrake 2011
Solution:
Updates are available. Please see the references for more information.
MandrakeSoft Enterprise Server 5
-
Mandriva freetype2-demos-2.3.7-1.10mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-2.3.7-1.10mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-devel-2.3.7-1.10mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-static-devel-2.3.7-1.10mdvmes5.2.i586.rpm
http://www.mandriva.com/en/downloads/
Mandriva Linux Mandrake 2011
-
Mandriva freetype2-demos-2.4.5-2.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-2.4.5-2.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-devel-2.4.5-2.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva libfreetype6-static-devel-2.4.5-2.3-mdv2011.0.i586.rpm
http://www.mandriva.com/en/downloads/
References
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
References:
References:
- Bug 800581 - freetype: Out-of heap-based buffer read by parsing, adding properti (Red Hat Bugzilla)
- Bug 800583 - freetype: Out-of heap-based buffer read by parsing glyph informatio (Red Hat Bugzilla)
- Bug 800584 - freetype: NULL pointer dereference by moving zone2 pointer point fo (Red Hat Bugzilla)
- Bug 800585 - freetype: Out-of heap-based buffer read when parsing certain SFNT s (Red Hat Bugzilla)
- Bug 800587 - freetype: Out-of heap-based buffer read by loading properties of PC (Red Hat Bugzilla)
- Bug 800589 - freetype (64-bit specific): Out-of heap-based buffer read by attemp (Red Hat Bugzilla)
- Bug 800590 - freetype: Out-of heap-based buffer read flaw in Type1 font loader b (Red Hat Bugzilla)
- Bug 800591 - freetype: Out-of heap-based buffer write by parsing BDF glyph infor (Red Hat Bugzilla)
- Bug 800592 - freetype: Out-of heap-based buffer write in Type1 font parser by re (Red Hat Bugzilla)
- Bug 800593 - freetype: Out-of heap-based buffer read in TrueType bytecode interp (Red Hat Bugzilla)
- Bug 800594 - freetype: Out-of heap-based buffer write by parsing BDF glyph and b (Red Hat Bugzilla)
- Bug 800595 - freetype: Out-of heap-based buffer read by parsing BDF font header (Red Hat Bugzilla)
- Bug 800597 - freetype: Out-of heap-based buffer read in the TrueType bytecode in (Red Hat Bugzilla)
- Bug 800598 - freetype: Array index error, leading to out-of stack based buffer r (Red Hat Bugzilla)
- Bug 800600 - freetype: Out-of heap-based buffer read by conversion of PostScript (Red Hat Bugzilla)
- Bug 800602 - freetype: Out-of heap-based buffer read flaw by conversion of an AS (Red Hat Bugzilla)
- Bug 800604 - freetype: Out-of heap-based buffer write by retrieval of advance va (Red Hat Bugzilla)
- Bug 800606 - freetype: Integer divide by zero by performing arithmetic computati (Red Hat Bugzilla)
- Bug 800607 - freetype: Out-of heap-based buffer write in the TrueType bytecode i (Red Hat Bugzilla)
- CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 (Jan Lieskovsky)
- FreeType Homepage (FreeType)
- ASA-2012-202 freetype security update (RHSA-2012-0467) (Avaya)
- Mozilla Foundation Security Advisory 2012-21 (Mozilla)