Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:STC:DL:FREETYPE-TYPE1 |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
FreeType PostScript Type1 Font Parsing Code Execution |
Release Date |
2011/09/01 |
Update Number |
1984 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: FreeType PostScript Type1 Font Parsing Code Execution
This signature detects attempts to exploit a known vulnerability in the FreeType font engine. The vulnerability is due to improper validation of the argument count parameter passed to the PostScript operation callothersubr, which can lead to a stack buffer overflow. A remote attacker can entice a target user to download a malicious PostScript or PDF file, and leverage this vulnerability to execute arbitrary code.
Extended Description
FreeType is prone to a memory-corruption vulnerability because it fails to properly validate user-supplied data. Attackers can leverage this issue to execute arbitrary code in the context of the application using the vulnerable library. Failed attacks will cause denial-of-service conditions. FreeType 2.4.5 is vulnerable; other versions may also be affected. Note (July 8, 2011): This BID was previously titled 'Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability' but has been rewritten to better reflect the underlying vulnerability.
Affected Products
- Apple ios 3.0
- Apple ios 3.1
- Apple ios 3.2
- Apple ios 3.2.1
- Apple ios 3.2.2
- Apple ios 4
- Apple ios 4.0.1
- Apple ios 4.0.2
- Apple ios 4.1
- Apple ios 4.2
- Apple ios 4.2.1
- Apple ios 4.2.5
- Apple ios 4.2.6
- Apple ios 4.2.7
- Apple ios 4.2.8
- Apple ios 4.2 beta
- Apple ios 4.3
- Apple ios 4.3.1
- Apple ios 4.3.2
- Apple ios 4.3.3
- Apple ipad
- Apple ipad
- Apple iphone
- Apple ipod_touch
- Apple mac_os_x 10.7
- Apple mac_os_x 10.7.1
- Apple mac_os_x_server 10.7
- Apple mac_os_x_server 10.7.1
- Apple mobile_safari
- Avaya 96x1_ip_deskphone 6
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 ia-32
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 powerpc
- Debian linux 6.0 s/390
- Debian linux 6.0 sparc
- Freetype freetype 2.4.0
- Freetype freetype 2.4.2
- Freetype freetype 2.4.3
- Freetype freetype 2.4.5
- Gentoo linux
- Mandriva corporate_server 4.0
- Mandriva corporate_server 4.0.0 X86 64
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva linux_mandrake 2010.1 X86 64
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_hpc_node 6
- Red_hat enterprise_linux_hpc_node_optional 6
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_server_optional 6
- Red_hat enterprise_linux_workstation 6
- Red_hat enterprise_linux_workstation_optional 6
- Red_hat fedora 15
- Suse opensuse 11.3
- Suse opensuse 11.4
- Suse suse_linux_enterprise_desktop 11 SP1
- Suse suse_linux_enterprise_sdk 11 SP1
- Suse suse_linux_enterprise_server 11 SP1
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 ARM
- Ubuntu ubuntu_linux 10.10 i386
- Ubuntu ubuntu_linux 10.10 powerpc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc
References
- BugTraq: 48619
- CVE: CVE-2011-0226