FreeType vulnerabilities

2015-02-2400:00:00

ubuntu.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Releases

Ubuntu 14.10
Ubuntu 14.04 ESM
Ubuntu 12.04
Ubuntu 10.04

Packages

freetype - FreeType 2 is a font engine library

Details

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchlibfreetype6< 2.5.2-2ubuntu1.1UNKNOWN
Ubuntu14.10noarchfreetype2-demos< 2.5.2-2ubuntu1.1UNKNOWN
Ubuntu14.10noarchlibfreetype6-dev< 2.5.2-2ubuntu1.1UNKNOWN
Ubuntu14.10noarchlibfreetype6-udeb< 2.5.2-2ubuntu1.1UNKNOWN
Ubuntu14.04noarchlibfreetype6< 2.5.2-1ubuntu2.4UNKNOWN
Ubuntu14.04noarchfreetype2-demos< 2.5.2-1ubuntu2.4UNKNOWN
Ubuntu14.04noarchlibfreetype6-dev< 2.5.2-1ubuntu2.4UNKNOWN
Ubuntu14.04noarchlibfreetype6-udeb< 2.5.2-1ubuntu2.4UNKNOWN
Ubuntu12.04noarchlibfreetype6< 2.4.8-1ubuntu2.2UNKNOWN
Ubuntu12.04noarchfreetype2-demos< 2.4.8-1ubuntu2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.10	noarch	libfreetype6	< 2.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	14.10	noarch	freetype2-demos	< 2.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	14.10	noarch	libfreetype6-dev	< 2.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	14.10	noarch	libfreetype6-udeb	< 2.5.2-2ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	libfreetype6	< 2.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	14.04	noarch	freetype2-demos	< 2.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	14.04	noarch	libfreetype6-dev	< 2.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	14.04	noarch	libfreetype6-udeb	< 2.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	12.04	noarch	libfreetype6	< 2.4.8-1ubuntu2.2	UNKNOWN
Ubuntu	12.04	noarch	freetype2-demos	< 2.4.8-1ubuntu2.2	UNKNOWN