Signature Detail
Short Name |
HTTP:STC:DL:FREETYPE-TYPE1 |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
FreeType PostScript Type1 Font Parsing Code Execution |
Release Date |
2011/09/01 |
Update Number |
1984 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: FreeType PostScript Type1 Font Parsing Code Execution
This signature detects attempts to exploit a known vulnerability in the FreeType font engine. The vulnerability is due to improper validation of the argument count parameter passed to the PostScript operation callothersubr, which can lead to a stack buffer overflow. A remote attacker can entice a target user to download a malicious PostScript or PDF file, and leverage this vulnerability to execute arbitrary code.
Extended Description
FreeType is prone to a memory-corruption vulnerability because it fails to properly validate user-supplied data. Attackers can leverage this issue to execute arbitrary code in the context of the application using the vulnerable library. Failed attacks will cause denial-of-service conditions. FreeType 2.4.5 is vulnerable; other versions may also be affected. Note (July 8, 2011): This BID was previously titled 'Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability' but has been rewritten to better reflect the underlying vulnerability.
Affected Products
- Apple iOS 3.0
- Apple iOS 3.1
- Apple iOS 3.2
- Apple iOS 3.2.1
- Apple iOS 3.2.2
- Apple iOS 4
- Apple iOS 4.0.1
- Apple iOS 4.0.2
- Apple iOS 4.1
- Apple iOS 4.2
- Apple iOS 4.2.1
- Apple iOS 4.2.5
- Apple iOS 4.2.6
- Apple iOS 4.2.7
- Apple iOS 4.2.8
- Apple iOS 4.2 beta
- Apple iOS 4.3
- Apple iOS 4.3.1
- Apple iOS 4.3.2
- Apple iOS 4.3.3
- Apple iPad
- Apple iPad
- Apple iPhone
- Apple iPod Touch
- Apple Mac Os X 10.7
- Apple Mac Os X 10.7.1
- Apple Mac Os X Server 10.7
- Apple Mac Os X Server 10.7.1
- Apple Mobile Safari
- Avaya 96x1 IP Deskphone 6
- Debian Linux 6.0 amd64
- Debian Linux 6.0 arm
- Debian Linux 6.0 ia-32
- Debian Linux 6.0 ia-64
- Debian Linux 6.0 mips
- Debian Linux 6.0 powerpc
- Debian Linux 6.0 s/390
- Debian Linux 6.0 sparc
- FreeType 2.4.0
- FreeType 2.4.2
- FreeType 2.4.3
- FreeType 2.4.5
- Gentoo Linux
- Mandriva Corporate Server 4.0
- Mandriva Corporate Server 4.0.0 X86 64
- Mandriva Enterprise Server 5
- Mandriva Enterprise Server 5 X86 64
- Mandriva Linux Mandrake 2009.0
- Mandriva Linux Mandrake 2009.0 X86 64
- Mandriva Linux Mandrake 2010.1
- Mandriva Linux Mandrake 2010.1 X86 64
- Red Hat Enterprise Linux Desktop 6
- Red Hat Enterprise Linux Desktop Optional 6
- Red Hat Enterprise Linux HPC Node 6
- Red Hat Enterprise Linux HPC Node Optional 6
- Red Hat Enterprise Linux Server 6
- Red Hat Enterprise Linux Server Optional 6
- Red Hat Enterprise Linux Workstation 6
- Red Hat Enterprise Linux Workstation Optional 6
- Red Hat Fedora 15
- SuSE openSUSE 11.3
- SuSE openSUSE 11.4
- SuSE SUSE Linux Enterprise Desktop 11 SP1
- SuSE SUSE Linux Enterprise SDK 11 SP1
- SuSE SUSE Linux Enterprise Server 11 SP1
- SuSE SUSE Linux Enterprise Server for VMware 11 SP1
- Ubuntu Ubuntu Linux 10.10 amd64
- Ubuntu Ubuntu Linux 10.10 ARM
- Ubuntu Ubuntu Linux 10.10 i386
- Ubuntu Ubuntu Linux 10.10 powerpc
- Ubuntu Ubuntu Linux 11.04 amd64
- Ubuntu Ubuntu Linux 11.04 ARM
- Ubuntu Ubuntu Linux 11.04 i386
- Ubuntu Ubuntu Linux 11.04 powerpc
References
- BugTraq: 48619
- CVE: CVE-2011-0226