9.3

CVE-2011-0226

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreetypeFreetype Version <= 2.4.5
FreetypeFreetype Version2.2.1
FreetypeFreetype Version2.2.10
FreetypeFreetype Version2.3.0
FreetypeFreetype Version2.3.1
FreetypeFreetype Version2.3.2
FreetypeFreetype Version2.3.3
FreetypeFreetype Version2.3.4
FreetypeFreetype Version2.3.5
FreetypeFreetype Version2.3.6
FreetypeFreetype Version2.3.7
FreetypeFreetype Version2.3.8
FreetypeFreetype Version2.3.9
FreetypeFreetype Version2.3.10
FreetypeFreetype Version2.3.11
FreetypeFreetype Version2.3.12
FreetypeFreetype Version2.4.0
FreetypeFreetype Version2.4.1
FreetypeFreetype Version2.4.2
FreetypeFreetype Version2.4.3
FreetypeFreetype Version2.4.4
AppleiPhone OS Version <= 4.2.8
AppleiPhone OS Version1.0.0
AppleiPhone OS Version1.0.1
AppleiPhone OS Version1.0.2
AppleiPhone OS Version1.1.0
AppleiPhone OS Version1.1.1
AppleiPhone OS Version1.1.2
AppleiPhone OS Version1.1.3
AppleiPhone OS Version1.1.4
AppleiPhone OS Version1.1.5
AppleiPhone OS Version2.0
AppleiPhone OS Version2.0.0
AppleiPhone OS Version2.0.1
AppleiPhone OS Version2.0.2
AppleiPhone OS Version2.1
AppleiPhone OS Version2.1.1
AppleiPhone OS Version2.2
AppleiPhone OS Version2.2.1
AppleiPhone OS Version3.0
AppleiPhone OS Version3.0.1
AppleiPhone OS Version3.1
AppleiPhone OS Version3.1.2
AppleiPhone OS Version3.1.3
AppleiPhone OS Version3.2
AppleiPhone OS Version3.2.1
AppleiPhone OS Version3.2.2
AppleiPhone OS Version4.0
AppleiPhone OS Version4.0.1
AppleiPhone OS Version4.0.2
AppleiPhone OS Version4.1
AppleiPhone OS Version4.2
AppleiPhone OS Version4.2.1
AppleiPhone OS Version4.2.5
AppleiPhone OS Version4.3.0
AppleiPhone OS Version4.3.1
AppleiPhone OS Version4.3.2
AppleiPhone OS Version4.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.65% 0.93
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://support.apple.com/kb/HT5002
http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html
Vendor Advisory
http://support.apple.com/kb/HT4802
Vendor Advisory
http://support.apple.com/kb/HT4803
Vendor Advisory
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
http://secunia.com/advisories/45167
Vendor Advisory
http://secunia.com/advisories/45224
Vendor Advisory
http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
http://www.debian.org/security/2011/dsa-2294
http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
http://www.redhat.com/support/errata/RHSA-2011-1085.html
http://www.securityfocus.com/bid/48619