CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AI Score: 8.2 High (Confidence: Low)
EPSS: 0.058 Low (Percentile: 93.4%)

I uploaded new packages for freetype which fixed the
following security problems:

CVE-2011-3439

  FreeType allows remote attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via a crafted
  font, a different vulnerability than CVE-2011-3256.

CVE-2011-3256

  FreeType before 2.4.7 allows remote attackers to execute
  arbitrary code or cause a denial of service (memory corruption)
  via a crafted font, a different vulnerability than
  CVE-2011-0226.

CVE-2011-0226

  Integer signedness error in psaux/t1decode.c in FreeType before
  2.4.6 allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption and application crash)
  via a crafted Type 1 font.

For the squeeze-backports distribution the problems have been fixed in
version 2.4.8-1~bpo60+1.