CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
freetypefreetype
𝑥
≤ 2.4.5
freetypefreetype
2.2.1
freetypefreetype
2.2.10
freetypefreetype
2.3.0
freetypefreetype
2.3.1
freetypefreetype
2.3.2
freetypefreetype
2.3.3
freetypefreetype
2.3.4
freetypefreetype
2.3.5
freetypefreetype
2.3.6
freetypefreetype
2.3.7
freetypefreetype
2.3.8
freetypefreetype
2.3.9
freetypefreetype
2.3.10
freetypefreetype
2.3.11
freetypefreetype
2.3.12
freetypefreetype
2.4.0
freetypefreetype
2.4.1
freetypefreetype
2.4.2
freetypefreetype
2.4.3
freetypefreetype
2.4.4
appleiphone_os
𝑥
≤ 4.2.8
appleiphone_os
1.0.0
appleiphone_os
1.0.1
appleiphone_os
1.0.2
appleiphone_os
1.1.0
appleiphone_os
1.1.1
appleiphone_os
1.1.2
appleiphone_os
1.1.3
appleiphone_os
1.1.4
appleiphone_os
1.1.5
appleiphone_os
2.0
appleiphone_os
2.0.0
appleiphone_os
2.0.1
appleiphone_os
2.0.2
appleiphone_os
2.1
appleiphone_os
2.1.1
appleiphone_os
2.2
appleiphone_os
2.2.1
appleiphone_os
3.0
appleiphone_os
3.0.1
appleiphone_os
3.1
appleiphone_os
3.1.2
appleiphone_os
3.1.3
appleiphone_os
3.2
appleiphone_os
3.2.1
appleiphone_os
3.2.2
appleiphone_os
4.0
appleiphone_os
4.0.1
appleiphone_os
4.0.2
appleiphone_os
4.1
appleiphone_os
4.2
appleiphone_os
4.2.1
appleiphone_os
4.2.5
appleiphone_os
4.3.0
appleiphone_os
4.3.1
appleiphone_os
4.3.2
appleiphone_os
4.3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freetype
bookworm
2.12.1+dfsg-5+deb12u3
fixed
bullseye
2.10.4+dfsg-1+deb11u1
fixed
sid
2.13.3+dfsg-1
fixed
trixie
2.13.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freetype
hardy
not-affected
lucid
not-affected
maverick
Fixed 2.4.2-2ubuntu0.2
released
natty
Fixed 2.4.4-1ubuntu2.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ft2demos
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
libfreetype6
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
libfreetype6-32bit
suse enterprise sap 12 SP5
2.6.3-7.15.1
fixed
suse enterprise server 12 SP4
2.6.3-7.15.1
fixed
suse enterprise server 12 SP5
2.6.3-7.15.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
freetype
RHEL 6
0:2.3.11-6.el6_1.6
fixed
freetype-demos
RHEL 6
0:2.3.11-6.el6_1.6
fixed
freetype-devel
RHEL 6
0:2.3.11-6.el6_1.6
fixed
Common Weakness Enumeration
References
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
http://secunia.com/advisories/45167
http://secunia.com/advisories/45224
http://support.apple.com/kb/HT4802
http://support.apple.com/kb/HT4803
http://support.apple.com/kb/HT5002
http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
http://www.debian.org/security/2011/dsa-2294
http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
http://www.redhat.com/support/errata/RHSA-2011-1085.html
http://www.securityfocus.com/bid/48619
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
http://secunia.com/advisories/45167
http://secunia.com/advisories/45224
http://support.apple.com/kb/HT4802
http://support.apple.com/kb/HT4803
http://support.apple.com/kb/HT5002
http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
http://www.debian.org/security/2011/dsa-2294
http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
http://www.redhat.com/support/errata/RHSA-2011-1085.html
http://www.securityfocus.com/bid/48619