Juniper Networks

Signature Detail

Short Name

HTTP:STC:ADOBE:PDF-FREETYPE

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

PDF FreeType Compact Font Format Multiple Overflow

Release Date

2011/01/06

Update Number

1846

Supported Platforms

idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: PDF FreeType Compact Font Format Multiple Overflow


This signature detects attempts to exploit a known vulnerability in multiple PDF readers. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Extended Description

FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Successful exploits may allow attackers to execute arbitrary code in the context of an application using the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

NOTE (August 12, 2010): The Type2 'CharStrings' buffer-overflow issue was duplicated in BID 42151 (Apple iOS Multiple Vulnerabilities). This BID has been updated to reflect details that may have been included in BID 42151.

Affected Products

  • Apple iOS 3.2
  • Apple iOS 3.2.1
  • Apple iOS 4
  • Apple iOS 4.0.1
  • Apple iPad 3.2
  • Apple iPad 3.2.1
  • Apple iPad
  • Apple iPhone 2.0
  • Apple iPhone 2.0.1
  • Apple iPhone 2.0.2
  • Apple iPhone 2.1
  • Apple iPhone 2.2
  • Apple iPhone 2.2.1
  • Apple iPhone 3.0
  • Apple iPhone 3.0.1
  • Apple iPhone 3.1
  • Apple iPhone 3.1.2
  • Apple iPhone 3.1.3
  • Apple iPod Touch 2.0
  • Apple iPod Touch 2.0.1
  • Apple iPod Touch 2.0.2
  • Apple iPod Touch 2.1
  • Apple iPod Touch 2.2
  • Apple iPod Touch 2.2.1
  • Apple iPod Touch 3.0
  • Apple iPod Touch 3.1.1
  • Apple iPod Touch 3.1.2
  • Apple iPod Touch 3.1.3
  • Avaya Aura Application Enablement Services 5.2
  • Avaya Aura Application Enablement Services 5.2.1
  • Avaya Aura Conferencing 6.0
  • Avaya Aura Conferencing 6.0 Standard
  • Avaya Aura Presence Services 6.0
  • Avaya Aura Presence Services
  • Avaya Aura Session Manager 1.1
  • Avaya Aura Session Manager 5.2
  • Avaya Aura Session Manager 6.0
  • Avaya Aura System Manager 1.0
  • Avaya Aura System Manager 5.2
  • Avaya Aura System Manager 6.0 SP1
  • Avaya Aura System Platform 1.1
  • Avaya Aura System Platform 6.0
  • Avaya CMS Server 15.0
  • Avaya CMS Server 16.0
  • Avaya CMS Server 16.1
  • Avaya CMS Server 16.2
  • Avaya Intuity AUDIX LX 1.0
  • Avaya Intuity AUDIX LX 2.0
  • Avaya Intuity AUDIX LX 2.0 SP1
  • Avaya Intuity AUDIX LX 2.0 SP2
  • Avaya Intuity AUDIX LX R1.1
  • Avaya IQ 4.1.0
  • Avaya IQ 5
  • Avaya IQ 5.1
  • Avaya IR 4.0
  • Avaya Message Networking 3.1
  • Avaya Message Networking 5.2
  • Avaya Message Networking MN 3.1
  • Avaya Message Networking
  • Avaya Messaging Storage Server 1.0
  • Avaya Messaging Storage Server 2.0
  • Avaya Messaging Storage Server 3.1
  • Avaya Messaging Storage Server 3.1 SP1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server 5.0
  • Avaya Messaging Storage Server 5.1
  • Avaya Messaging Storage Server 5.2
  • Avaya Messaging Storage Server 5.2 SP1
  • Avaya Messaging Storage Server MM3.0
  • Avaya Messaging Storage Server
  • Avaya Proactive Contact 3.0
  • Avaya Proactive Contact 3.0.2
  • Avaya Proactive Contact 3.0.3
  • Avaya Proactive Contact 4.0
  • Avaya Proactive Contact 4.1
  • Avaya Proactive Contact 4.1.1
  • Avaya Proactive Contact 4.1.2
  • Avaya Proactive Contact 4.2
  • Avaya Proactive Contact
  • Avaya Voice Portal 3.0
  • Avaya Voice Portal 4.0
  • Avaya Voice Portal 4.1
  • Avaya Voice Portal 4.1 SP1
  • Avaya Voice Portal 4.1 SP2
  • Avaya Voice Portal 5.0
  • Avaya Voice Portal 5.0 SP1
  • Avaya Voice Portal 5.0 SP2
  • Avaya Voice Portal 5.1
  • Debian Linux 5.0
  • Debian Linux 5.0 Alpha
  • Debian Linux 5.0 Amd64
  • Debian Linux 5.0 Arm
  • Debian Linux 5.0 Armel
  • Debian Linux 5.0 Hppa
  • Debian Linux 5.0 Ia-32
  • Debian Linux 5.0 Ia-64
  • Debian Linux 5.0 M68k
  • Debian Linux 5.0 Mips
  • Debian Linux 5.0 Mipsel
  • Debian Linux 5.0 Powerpc
  • Debian Linux 5.0 S/390
  • Debian Linux 5.0 Sparc
  • Foxit Foxit Reader 2.2
  • Foxit Foxit Reader 2.3
  • Foxit Foxit Reader 2.3 Build 2825
  • Foxit Foxit Reader 2.3 Build 2923
  • Foxit Foxit Reader 2.3 Build 3902
  • Foxit Foxit Reader 3.0
  • Foxit Foxit Reader 3.0.2009.1301
  • Foxit Foxit Reader 3.0 Build 1506
  • Foxit Foxit Reader 3.0 Build 1817
  • Foxit Foxit Reader 3.1.4.1125
  • Foxit Foxit Reader 3.2
  • Foxit Foxit Reader 3.2.0.0303
  • Foxit Foxit Reader 3.2.1.0401
  • Foxit Foxit Reader 4.0
  • Foxit Reader 3.1.1 Build 0928
  • Foxit Reader 4.1
  • Foxit Reader 4.1.1
  • FreeType 2.0.6
  • FreeType 2.0.9
  • FreeType 2.1.10
  • FreeType 2.1.7
  • FreeType 2.1.9
  • FreeType 2.2
  • FreeType 2.2.1
  • FreeType 2.2.10
  • FreeType 2.3.3
  • FreeType 2.3.4
  • FreeType 2.3.5
  • FreeType 2.3.6
  • FreeType 2.4.0
  • Gentoo Linux
  • Mandriva Corporate Server 4.0
  • Mandriva Corporate Server 4.0.0 X86 64
  • Mandriva Enterprise Server 5
  • Mandriva Enterprise Server 5 X86 64
  • Mandriva Linux Mandrake 2008.0
  • Mandriva Linux Mandrake 2008.0 X86 64
  • Mandriva Linux Mandrake 2009.0
  • Mandriva Linux Mandrake 2009.0 X86 64
  • Mandriva Linux Mandrake 2009.1
  • Mandriva Linux Mandrake 2009.1 X86 64
  • Mandriva Linux Mandrake 2010.0
  • Mandriva Linux Mandrake 2010.0 X86 64
  • Mandriva Linux Mandrake 2010.1
  • Mandriva Linux Mandrake 2010.1 X86 64
  • Pardus Linux 2009
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux 5 Client
  • Red Hat Enterprise Linux 5 Server
  • Red Hat Enterprise Linux Desktop Version 4
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop Workstation 5 Client
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora 12
  • Red Hat Fedora 13
  • Sun OpenSolaris Build Snv 01
  • Sun OpenSolaris Build Snv 02
  • Sun OpenSolaris Build Snv 100
  • Sun OpenSolaris Build Snv 101
  • Sun OpenSolaris Build Snv 101A
  • Sun OpenSolaris Build Snv 102
  • Sun OpenSolaris Build Snv 103
  • Sun OpenSolaris Build Snv 104
  • Sun OpenSolaris Build Snv 105
  • Sun OpenSolaris Build Snv 106
  • Sun OpenSolaris Build Snv 107
  • Sun OpenSolaris Build Snv 108
  • Sun OpenSolaris Build Snv 109
  • Sun OpenSolaris Build Snv 110
  • Sun OpenSolaris Build Snv 111
  • Sun OpenSolaris Build Snv 111A
  • Sun OpenSolaris Build Snv 13
  • Sun OpenSolaris Build Snv 19
  • Sun OpenSolaris Build Snv 22
  • Sun OpenSolaris Build Snv 28
  • Sun OpenSolaris Build Snv 29
  • Sun OpenSolaris Build Snv 35
  • Sun OpenSolaris Build Snv 36
  • Sun OpenSolaris Build Snv 37
  • Sun OpenSolaris Build Snv 38
  • Sun OpenSolaris Build Snv 39
  • Sun OpenSolaris Build Snv 41
  • Sun OpenSolaris Build Snv 45
  • Sun OpenSolaris Build Snv 47
  • Sun OpenSolaris Build Snv 48
  • Sun OpenSolaris Build Snv 49
  • Sun OpenSolaris Build Snv 50
  • Sun OpenSolaris Build Snv 51
  • Sun OpenSolaris Build Snv 54
  • Sun OpenSolaris Build Snv 56
  • Sun OpenSolaris Build Snv 57
  • Sun OpenSolaris Build Snv 58
  • Sun OpenSolaris Build Snv 59
  • Sun OpenSolaris Build Snv 61
  • Sun OpenSolaris Build Snv 64
  • Sun OpenSolaris Build Snv 67
  • Sun OpenSolaris Build Snv 68
  • Sun OpenSolaris Build Snv 71
  • Sun OpenSolaris Build Snv 74
  • Sun OpenSolaris Build Snv 76
  • Sun OpenSolaris Build Snv 77
  • Sun OpenSolaris Build Snv 78
  • Sun OpenSolaris Build Snv 80
  • Sun OpenSolaris Build Snv 81
  • Sun OpenSolaris Build Snv 82
  • Sun OpenSolaris Build Snv 83
  • Sun OpenSolaris Build Snv 84
  • Sun OpenSolaris Build Snv 85
  • Sun OpenSolaris Build Snv 86
  • Sun OpenSolaris Build Snv 87
  • Sun OpenSolaris Build Snv 88
  • Sun OpenSolaris Build Snv 89
  • Sun OpenSolaris Build Snv 90
  • Sun OpenSolaris Build Snv 91
  • Sun OpenSolaris Build Snv 92
  • Sun OpenSolaris Build Snv 93
  • Sun OpenSolaris Build Snv 94
  • Sun OpenSolaris Build Snv 95
  • Sun OpenSolaris Build Snv 96
  • Sun OpenSolaris Build Snv 98
  • Sun OpenSolaris Build Snv 99
  • Sun OpenSolaris Svn 126
  • Sun OpenSolaris
  • Sun Solaris 10 Sparc
  • Sun Solaris 10 X86
  • Sun Solaris 9 Sparc
  • Sun Solaris 9 X86
  • SuSE openSUSE 11.1
  • SuSE openSUSE 11.2
  • SuSE openSUSE 11.3
  • SuSE SUSE Linux Enterprise 10 SP3
  • SuSE SUSE Linux Enterprise 11
  • SuSE SUSE Linux Enterprise Server 10 SP2
  • SuSE SUSE Linux Enterprise Server 9
  • Ubuntu Ubuntu Linux 10.04 Amd64
  • Ubuntu Ubuntu Linux 10.04 I386
  • Ubuntu Ubuntu Linux 10.04 Powerpc
  • Ubuntu Ubuntu Linux 10.04 Sparc
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 8.04 LTS Amd64
  • Ubuntu Ubuntu Linux 8.04 LTS I386
  • Ubuntu Ubuntu Linux 8.04 LTS Lpia
  • Ubuntu Ubuntu Linux 8.04 LTS Powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS Sparc
  • Ubuntu Ubuntu Linux 9.04 Amd64
  • Ubuntu Ubuntu Linux 9.04 I386
  • Ubuntu Ubuntu Linux 9.04 Lpia
  • Ubuntu Ubuntu Linux 9.04 Powerpc
  • Ubuntu Ubuntu Linux 9.04 Sparc
  • Ubuntu Ubuntu Linux 9.10 Amd64
  • Ubuntu Ubuntu Linux 9.10 I386
  • Ubuntu Ubuntu Linux 9.10 Lpia
  • Ubuntu Ubuntu Linux 9.10 Powerpc
  • Ubuntu Ubuntu Linux 9.10 Sparc

References

  • BugTraq: 42241
  • CVE: CVE-2010-1797
  • CVE: CVE-2010-2972
  • URL: http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view
  • URL: http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone
  • URL: http://www.foxitsoftware.com/pdf/reader/bugfix.php
  • URL: http://www.freetype.org/
  • URL: https://bugzilla.redhat.com/show_bug.cgi?id=621144
  • URL: http://www.foxitsoftware.com/announcements/2010861227.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.