Lucene search

K

Gentoo FoundationGLSA-201204-04

HistoryApr 17, 2012 - 12:00 a.m.

FreeType: Multiple vulnerabilities

2012-04-1700:00:00

Gentoo Foundation

security.gentoo.org

10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.7%

Background

FreeType is a high-quality and portable font engine.

Description

Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted font, possibly resulting in execution of arbitrary code with the privileges of the user running the application, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All FreeType users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=media-libs/freetype-2.4.9"

OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-libs/freetype< 2.4.9UNKNOWN

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.244 Low

EPSS

Percentile

96.7%

Related for GLSA-201204-04

nessus17 openvas29 mozilla1 suse6 ubuntu1 redhat1 freebsd2 oraclelinux1 centos1 securityvulns5 debian1 slackware1 amazon1 nvd19 cve19 veracode14 debiancve19 cvelist19 ubuntucve19 prion19