Main Vulnerability Database SB2011120806

SB2011120806 - SUSE Linux update for freetype2

Published: December 8, 2011

Security Bulletin ID SB2011120806

Severity

High

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Code Injection (CVE-ID: CVE-2011-3256)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.

2) Buffer overflow (CVE-ID: CVE-2011-3439)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

Remediation

Install update from vendor's website.

References

https://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html