Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201805-3
HistoryMay 09, 2018 - 12:00 a.m.

[ASA-201805-3] freetype2: denial of service

2018-05-0900:00:00
security.archlinux.org
15

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

70.5%

JSON

Arch Linux Security Advisory ASA-201805-3

Severity: Low
Date : 2018-05-09
CVE-ID : CVE-2018-6942
Package : freetype2
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-613

Summary

The package freetype2 before version 2.9.1-1 is vulnerable to denial of
service.

Resolution

Upgrade to 2.9.1-1.

pacman -Syu “freetype2>=2.9.1-1”

The problem has been fixed upstream in version 2.9.1.

Workaround

None.

Description

An issue was discovered in FreeType 2 before 2.9.1. A NULL pointer
dereference in the Ins_GETVARIATION() function within ttinterp.c could
lead to denial of service via a crafted font file.

Impact

A remote attacker is able to cause a denial of service via a specially
crafted file.

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
https://security.archlinux.org/CVE-2018-6942

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyfreetype2< 2.9.1-1UNKNOWN

Related

mageia 1
ubuntucve 1
nessus 14
openvas 8
cvelist 1
nvd 1
cve 1
redhatcve 1
fedora 2
prion 1
alpinelinux 1
veracode 1
suse 1
debiancve 1
osv 2
ubuntu 1
photon 5
f5 1
oracle 2
mageia
mageia
Updated freetype2 packages fix security vulnerability
2018-02-25 02:25:24
ubuntucve
ubuntucve
CVE-2018-6942
2018-02-13 00:00:00
nessus
nessus
Photon OS 2.0: Freetype2 PHSA-2018-2.0-0058
2019-02-07 00:00:00
Ubuntu 17.10 : freetype vulnerability (USN-3572-1)
2018-02-15 00:00:00
Fedora 27 : freetype (2018-07a3e36499)
2018-02-21 00:00:00
openvas
openvas
Fedora Update for freetype FEDORA-2018-07a3e36499
2018-02-21 00:00:00
openSUSE: Security Advisory for freetype2 (openSUSE-SU-2020:0704-1)
2020-05-24 00:00:00
Ubuntu: Security Advisory (USN-3572-1)
2018-10-26 00:00:00
cvelist
cvelist
CVE-2018-6942
2018-02-13 05:00:00
nvd
nvd
CVE-2018-6942
2018-02-13 05:29:00
cve
cve
CVE-2018-6942
2018-02-13 05:29:00
redhatcve
redhatcve
CVE-2018-6942
2018-02-13 13:49:03
fedora
fedora
[SECURITY] Fedora 27 Update: freetype-2.8-8.fc27
2018-02-20 17:21:10
[SECURITY] Fedora 26 Update: freetype-2.7.1-10.fc26
2018-03-13 17:19:53
prion
prion
Null pointer dereference
2018-02-13 05:29:00
alpinelinux
alpinelinux
CVE-2018-6942
2018-02-13 05:29:00
veracode
veracode
Denial Of Service (DoS)
2021-07-06 07:21:56
suse
suse
Security update for freetype2 (moderate)
2020-05-24 00:00:00
debiancve
debiancve
CVE-2018-6942
2018-02-13 05:29:00
osv
osv
CVE-2018-6942
2018-02-13 05:29:00
freetype2-devel-2.11.0-1.2 on GA media
2024-06-15 00:00:00
ubuntu
ubuntu
FreeType vulnerability
2018-02-14 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0148
2018-06-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0058
2018-06-14 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0148
2018-06-14 00:00:00
f5
f5
K000141127: Multiple FreeType vulnerabilities
2024-09-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

70.5%

JSON
Related for ASA-201805-3
mageia1ubuntucve1nessus14openvas8cvelist1nvd1cve1redhatcve1fedora2prion1alpinelinux1veracode1suse1debiancve1osv2ubuntu1photon5f51oracle2