ID

VAR-201008-0306


CVE

CVE-2010-1797


TITLE

FreeType 2 CFF font stack corruption vulnerability

Trust: 0.8

sources: CERT/CC: VU#275247

DESCRIPTION

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. FreeType 2 Is CFF A vulnerability exists in the handling of fonts. FreeType Is a library for handling various types of font files. FreeType 2 Is CFF A vulnerability exists in the processing of fonts that causes a stack corruption. Attack activity using this vulnerability has been confirmed.Crafted CFF Font FreeType 2 By loading it with an application that uses, arbitrary code may be executed by a remote third party. FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. This BID has been updated to reflect details that may have been included in BID 42151. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability that affects the 'IOSurface' component. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. iOS versions 4.0.1 and prior are vulnerable. NOTE (August 12, 2010): This BID was previously titled 'Apple iOS Multiple Vulnerabilities' and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). FreeType is a C language-based, high-quality and portable open source font engine library developed by the FreeType team. It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. =========================================================== Ubuntu Security Notice USN-972-1 August 17, 2010 freetype vulnerabilities CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.8 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.4 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.3 Ubuntu 9.10: libfreetype6 2.3.9-5ubuntu0.2 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.2 After a standard system update you need to restart your session to make all the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 133902 dca56851436275285b4563c96388a070 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 683964 49df9101deb9a317229351d72b5804ec http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 411982 efaca20d5deec9e51be023710902852b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 120138 ff723720ed499e40049e3487844b9db3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 347172 de53a441e28e385598d20333ff636026 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 687156 6d36300396fa84d6f889147b0247f385 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 332124 5aa036de5269896c893ea8f825329b84 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 199782 9323f9209333cf42114e97d3305d901c http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz Size/MD5: 44032 17b27322a6448d40599c55561209c940 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc Size/MD5: 1311 5124a4df7016a625a631c1ff4661aae9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 729408 788a2af765a8356c4a7c01e893695b0b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb Size/MD5: 272950 a1f9a0ad0d036e5a14b073c139ce5408 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 407052 bfd510dc0c46a0f25dd3329693ee66a8 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 226474 9b8e6c521d8629b9b1db2760209460a3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 697818 9176ee8649b8441333d7c5d9359c53a6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb Size/MD5: 257896 c26f46491d69a174fa9cad126a3201cf http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 392692 648d0605a187b74291b3233e5e4930e3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 198834 0b41da08de5417a7db21e24e730e03d9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 698682 12c20dd647db986bd87a250d8706e8e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb Size/MD5: 257736 dee60e4b8a1824d2aa13364ec0f01602 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 392978 e19bcc3c8c0cec76227c64843b01516a http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 201636 a558e986b6c6e878e115126e7d3a28a5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 720040 70c8792cddd9cfe45480f8d760dd0163 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb Size/MD5: 265790 b356a500845d045f431db6ef4db4f811 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 400532 91aa4eea6b8e9b67a721b552caab8468 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 227834 fa22e303b8d06dfb99a8c3c1f2980061 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 689244 dff22369b1bb07d4ef7c6d9f474149db http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb Size/MD5: 238164 cb1e597bd0065d2ffbad763a52088c1d http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 372422 c6f36ae3119f8f17368d796943ba9908 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 201390 c3f108859375787b11190d3c5a1d966b Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz Size/MD5: 43530 f78681f1641b93f34d41ff4d6f31eb71 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc Size/MD5: 1311 8a9a302e0a62f2dbe2a62aba456e2108 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 731028 3b5ed0ad073cca0c1eee212b0e12f255 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb Size/MD5: 275110 a23822489a0d7d45152f341b86f0df20 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 409362 ba180d650e17df6980ca09b8d1a109e1 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 230774 a0a51691eefc0fb6e94d41c3282c3ab2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 696892 ad2164ed812ccd9cf7829659cff219c7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb Size/MD5: 258710 c2d256e87eaee83ab83592247588bee7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 393912 c8d04b785d17066229bab50a3c13e1af http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 195702 02aa03f1f62a61383d829b5bf494b7b0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 699382 ff8200917b43322062d2f3b5f3f6bab8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb Size/MD5: 259348 0395bdbaf357d161d0f1d3b257ae4732 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 394122 8481f2e278a5da28b28ef0fa79207662 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 198546 a3f0a848da83a64d14344b6744b33a90 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 719762 bd7185c852b151794c27f8c2ead4da94 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb Size/MD5: 264578 58a77cbf2ae4c2a447a81cce72f6b8c5 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 399118 c943fa66513b862ccb6ac99699c9e33c http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 203834 842dd94d9b3fad52c0b1b6489775d2ea sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 691054 557de31093ac67c2dedec97e55998295 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb Size/MD5: 240534 f3c79ed9e84e7169851de3f432b613c3 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 374982 e84af1b516f050ee9bdb93c213994943 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 195786 599978c8d9cff2525eba228c793833c3 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz Size/MD5: 41646 9b97425327300eda74c492034fed50ad http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc Size/MD5: 1313 b7b625334a0d9c926bf34cc83dcc904c http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 739530 db9147ce9477b7ab22374f89d24b24ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb Size/MD5: 277536 35fc46f3c281aee82eeed4e00cfdacdc http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 434932 1bf8e620c3008504b87354470e7be9a5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 221434 4b4fcbd633bf1b3c2151617adae44835 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 704694 f58601afde2b4bc257492762654cbf94 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb Size/MD5: 260916 a540a7f9ae973bce66bbd3fdb9a4f849 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 419000 d4a78ce7ae146caa59b61f43b27d363c http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 188710 e94b4202fcfe184fdf81409fe610a42a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 728090 5f2e98a54cb2a0ac03591c387aacf461 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb Size/MD5: 266750 66bf2b146ab219d1b78e1887d0053f2a http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 424614 fd964644b45bbbc79729c9609c4b6bb8 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 196686 b88a8cebff19c95b6c9c161f7d1bb472 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 707164 bf26d7cb1aa3f759ca31510f92888053 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb Size/MD5: 250768 100b4d4b270421fb1dcb503c88b547e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 408132 b009cd0f1aafa500f8cc16273e9f2ed9 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 198302 504ec3da9ee2048391e2c4035d7149fc . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch 1. *Advisory Information* Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-0825 Advisory URL: [http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch] Date published: 2010-11-08 Date of last update: 2010-11-08 Vendors contacted: Apple Release mode: User release 2. *Vulnerability Information* Class: Input validation error [CWE-20] Impact: Code execution Remotely Exploitable: Yes (client-side) Locally Exploitable: No CVE Name: CVE-2010-1797 Bugtraq ID: N/A 3. *Vulnerability Description* The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation). 4. *Vulnerable packages* . Apple Mac OS X v10.5.x 5. *Solutions and Workarounds* According to information provided to us by Apple, a patch for this fix has already been developed. Apple provided us a release date for this patch in two opportunities but then failed to meet their our deadlines without giving us any notice or explanation. Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible. 6. *Credits* This vulnerability was discovered and researched by Anibal Sacco [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Anibal_Sacco] and Matias Eissler [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Matias_Eissler], from Core Security Technologies. Publication was coordinated by Fernando Russ and Pedro Varangot. 7. *Technical Description* When loading a PDF with an embedded CFF font a sign mismatch error exists in ATSServer when handling the last offset value of the CharStrings INDEX structure. This could be triggered in different ways: . When trying to make a thumbnail of the file . When trying to open the file with the Preview app . Serving the file in a web server and tricking the user to click on it. Embedded in an email (if handled by Mail.app) This allows to corrupt the process memory by controlling the size parameter of a memcpy function call allowing an attacker to get code execution. At [00042AFA] we can see how the value obtained from the file is sign extended prior to be passed to the function loc_370F0. Inside this function this value will be used as the size parameter of memcpy: /----- 00042AF2 movsx eax, word ptr [edx+5Eh] 00042AF6 mov [esp+0Ch], eax 00042AFA movsx eax, word ptr [esi+4] 00042AFE mov [esp], edi 00042B01 mov [esp+8], eax 00042B05 mov eax, [ebp-2Ch] 00042B08 mov [esp+4], eax 00042B0C call loc_370F0 - -----/ An attacker could take advantage of this condition by setting a negative offset value (0xfffa) in the file that will be converted to a DWORD without enough validation leading to a memcpy of size 0xfffffffa. This vulnerability results in arbitrary code execution. 8. *Report Timeline* . 2010-08-26: Vendor contacted, a draft of this advisory is sent and September 28th is proposed as a coordinated publication date. Core remarks that since this is a variation of a publicly disclossed vulnerability it may have already been discovered by other security researchers like vulnerability research brokers or independent security researchers. 2010-08-28: The Apple Product Security team acknowledges the report, saying that they were able to reproduce the issue in Mac OS X 10.5 but not in Mac OS X 10.6, they also said that the deadline for September 28th will be imposible to meet. 2010-08-30: Core informs Apple that there is no problem changing the publication date for the report, whenever the new publication date remains reasonable. Also, Core asks for a tentive timeframe for the fix, and confirm that Mac OS X 10.6 does not seem to be affected. 2010-08-31: Apple acknowledges the comunication informing the publication timing, and state that they are still trying to determine the most appropiate timeframe. 2010-09-28: Core asks the vendor for an update regarding this issue. Also, Core asks for a specific timeframe for the fix, and sets October 18th as tentative publication date. 2010-09-28: Apple acknowledges the comunication informing that this issue will be fixed in the next security update of Mac OS X 10.5, which is tentatively scheduled for the end of October without a firm date of publication. 2010-08-31: Apple asks Core about credit information for the advisory. 2010-09-28: Core acknowledges the comunication sending the credit information for this report. 2010-10-20: Core asks Apple for a firm date for the release of this securiry issue since the initial propossed timeframe of October 18th is due. 2010-10-22: Apple acknowledges the comunication informing that the publication date is scheduled to the week of October 25th. Also, Apple notifies that the assigned identifier for this vulnerability is CVE-2010-1797. 2010-11-01: Core asks Apple for a new schedule for the publication, since there was no notice of any Apple security update during the week of October 25th. 2010-11-01: Apple acknowledges the communication informing that the publication date was rescheduled to the middle of the week of November 1st. 2010-11-03: Core informs Apple that the publication of this advisory was scheduled to Monday 8th, taking into account the last communication this is a final publication date. Core also informs that the information about how this vulnerability was found and how it can be exploited will be discussed in a small infosec related local event in Buenos Aires city. 2010-11-08: Core publishes advisory CORE-2010-0825. 9. *References* [1] [http://en.wikipedia.org/wiki/PostScript_fonts#Compact_Font_Format] 10. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: [http://corelabs.coresecurity.com]. 11. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at [http://www.coresecurity.com]. 12. *Disclaimer* The contents of this advisory are copyright (c) 2010 Core Security Technologies and (c) 2010 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/] 13. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at [http://www.coresecurity.com/files/attachments/core_security_advisories.asc]. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzYayoACgkQyNibggitWa2PMgCfSvLwR5OgWfmFIwpONWL+dMa3 njEAnjIZFF+zG/wWK3IscWx3VyNW5F30 =XULv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 https://bugzilla.redhat.com/show_bug.cgi?id=621144 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2009.0: ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.1: ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2010.0: faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Corporate 4.0: 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm 46cbqAt0xVJvR5AdhA3z/FY= =T9it -----END PGP SIGNATURE----- . CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny3 For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 2.4.2-1 We recommend that you upgrade your freetype package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde arm architecture (ARM) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531 These files will probably be moved into the stable distribution on its next update

Trust: 3.42

sources: NVD: CVE-2010-1797 // CERT/CC: VU#275247 // JVNDB: JVNDB-2010-001892 // BID: 42241 // BID: 42151 // VULHUB: VHN-44402 // VULMON: CVE-2010-1797 // PACKETSTORM: 92842 // PACKETSTORM: 95653 // PACKETSTORM: 92722 // PACKETSTORM: 93637

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel: - scope: - version: -

Trust: 0.8

vendor:debian gnu linuxmodel: - scope: - version: -

Trust: 0.8

vendor:f5model: - scope: - version: -

Trust: 0.8

vendor:foxitmodel: - scope: - version: -

Trust: 0.8

vendor:gentoo linuxmodel: - scope: - version: -

Trust: 0.8

vendor:red hatmodel: - scope: - version: -

Trust: 0.8

vendor:suse linuxmodel: - scope: - version: -

Trust: 0.8

vendor:wind rivermodel: - scope: - version: -

Trust: 0.8

vendor:freetypemodel:freetypescope:ltversion:2.4.2 earlier

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.0 to 4.0.1 (iphone 3g after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.1 to 4.0 (ipod touch after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 and 3.2.1 (ipad for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:oraclemodel:opensolarisscope: - version: -

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:10

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:8

Trust: 0.8

vendor:oraclemodel:solarisscope:eqversion:9

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3.0 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0

Trust: 0.8

vendor:turbo linuxmodel:turbolinux appliance serverscope:eqversion:3.0 (x64)

Trust: 0.8

vendor:turbo linuxmodel:turbolinux clientscope:eqversion:2008

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:11 (x64)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:3 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4 (ws)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (as)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:4.8 (es)

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:5 (server)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:3.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:4.0

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:5.0 (client)

Trust: 0.8

vendor:red hatmodel:rhel desktop workstationscope:eqversion:5 (client)

Trust: 0.8

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.6

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.6

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.6

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.6

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.6

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.6

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.6

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.6

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.6

vendor:applemodel:iosscope:eqversion:4

Trust: 0.6

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.6

vendor:applemodel:iosscope:neversion:4.0.2

Trust: 0.6

vendor:applemodel:iosscope:neversion:3.2.2

Trust: 0.6

vendor:ubuntumodel:linux sparcscope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.10

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:9.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:susemodel:linux enterprisescope:eqversion:11

Trust: 0.3

vendor:susemodel:linux enterprise sp3scope:eqversion:10

Trust: 0.3

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 9 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris svn 126scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 98scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 74scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 71scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 58scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 56scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 54scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 51scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 49scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 48scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 41scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 38scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 37scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 35scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 28scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 110scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 109scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 108scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolarisscope:eqversion:0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop versionscope:eqversion:4

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux clientscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20090

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.4

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.3.6

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.3.5

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.3.4

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.3.3

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.2.10

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.2.1

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.1.10

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.1.9

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.1.7

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.0.9

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.0.6

Trust: 0.3

vendor:freetypemodel:freetypescope:eqversion:2.2

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:4.1.1

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:3.1.10928

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:4.1

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.2.10401

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.20303

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.0.2009.1301

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:4.0

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.2

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.1.4.1125

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:3.01817

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:3.01506

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:3.0

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:2.33902

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:2.32923

Trust: 0.3

vendor:foxitmodel:reader buildscope:eqversion:2.32825

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:2.3

Trust: 0.3

vendor:foxitmodel:readerscope:eqversion:2.2

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:5.0

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.3

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.2

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:0

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:messaging storage server sp1scope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope: - version: -

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:avayamodel:irscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:4.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:iqscope:eqversion:5

Trust: 0.3

vendor:avayamodel:intuity audix lx r1.1scope: - version: -

Trust: 0.3

vendor:avayamodel:intuity audix lx sp2scope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:intuity audix lx sp1scope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:16.2

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:16.1

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:16.0

Trust: 0.3

vendor:avayamodel:cms serverscope:eqversion:15.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system platformscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura presence servicesscope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura conferencing standardscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura conferencingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 111bscope:neversion: -

Trust: 0.3

vendor:foxitmodel:readerscope:neversion:4.1.1.0805

Trust: 0.3

sources: CERT/CC: VU#275247 // BID: 42241 // BID: 42151 // JVNDB: JVNDB-2010-001892 // CNNVD: CNNVD-201008-143 // NVD: CVE-2010-1797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1797
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#275247
value: 13.39

Trust: 0.8

NVD: CVE-2010-1797
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201008-143
value: CRITICAL

Trust: 0.6

VULHUB: VHN-44402
value: HIGH

Trust: 0.1

VULMON: CVE-2010-1797
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1797
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-44402
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#275247 // VULHUB: VHN-44402 // VULMON: CVE-2010-1797 // JVNDB: JVNDB-2010-001892 // CNNVD: CNNVD-201008-143 // NVD: CVE-2010-1797

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-44402 // JVNDB: JVNDB-2010-001892 // NVD: CVE-2010-1797

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 92842 // PACKETSTORM: 95653 // CNNVD: CNNVD-201008-143

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201008-143

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:freetype:freetype"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:iphone_os"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:ipad"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:iphone"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:ipod_touch"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:oracle:opensolaris"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:oracle:solaris"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:turbolinux:turbolinux_client"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:turbolinux:turbolinux_server"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:redhat:enterprise_linux"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2010-001892

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-44402 // VULMON: CVE-2010-1797

PATCH

title:HT4292url:http://support.apple.com/kb/HT4292

Trust: 0.8

title:HT4291url:http://support.apple.com/kb/HT4291

Trust: 0.8

title:HT4291url:http://support.apple.com/kb/HT4291?viewlocale=ja_JP

Trust: 0.8

title:HT4292url:http://support.apple.com/kb/HT4292?viewlocale=ja_JP

Trust: 0.8

title:freetype-2.2.1-26.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1238

Trust: 0.8

title:2109url:http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2109

Trust: 0.8

title:RHSA-2010:0607url:https://rhn.redhat.com/errata/RHSA-2010-0607.html

Trust: 0.8

title:cve_2010_1797_buffer_overflowurl:http://blogs.sun.com/security/entry/cve_2010_1797_buffer_overflow

Trust: 0.8

title:CHANGES BETWEEN 2.4.0 and 2.4.1url:http://sourceforge.net/projects/freetype/files/freetype2/2.4.1/NEWS/view

Trust: 0.8

title:CHANGES BETWEEN 2.4.1 and 2.4.2url:http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

Trust: 0.8

title:Top Pageurl:http://freetype.sourceforge.net/index2.html

Trust: 0.8

title:Stable Releasesurl:http://freetype.sourceforge.net/download.html#stable

Trust: 0.8

title:TLSA-2010-34url:http://www.turbolinux.co.jp/security/2010/TLSA-2010-34j.txt

Trust: 0.8

title:CVE-2010-1797url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40151

Trust: 0.6

title:Red Hat: Important: freetype security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20100607 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: freetype vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-972-1

Trust: 0.1

title:Debian Security Advisories: DSA-2105-1 freetype -- several vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7fe350e40a93e278310abb1441ee2ffb

Trust: 0.1

title:ipod_sun WARNING! Attribution Thanksurl:https://github.com/CUB3D/ipod_sun

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2010/11/10/mac_osx_security_vuln/

Trust: 0.1

sources: VULMON: CVE-2010-1797 // JVNDB: JVNDB-2010-001892 // CNNVD: CNNVD-201008-143

EXTERNAL IDS

db:NVDid:CVE-2010-1797

Trust: 3.6

db:SECUNIAid:40816

Trust: 3.4

db:SECUNIAid:40807

Trust: 2.6

db:VUPENid:ADV-2010-2018

Trust: 2.6

db:OSVDBid:66828

Trust: 2.6

db:BIDid:42151

Trust: 2.1

db:BIDid:42241

Trust: 1.9

db:SECUNIAid:40982

Trust: 1.8

db:SECUNIAid:48951

Trust: 1.8

db:EXPLOIT-DBid:14538

Trust: 1.8

db:VUPENid:ADV-2010-2106

Trust: 1.8

db:CERT/CCid:VU#275247

Trust: 1.7

db:SECTRACKid:1024283

Trust: 0.8

db:JVNDBid:JVNDB-2010-001892

Trust: 0.8

db:CNNVDid:CNNVD-201008-143

Trust: 0.7

db:EXPLOIT-DBid:14727

Trust: 0.2

db:PACKETSTORMid:92722

Trust: 0.2

db:PACKETSTORMid:95653

Trust: 0.2

db:PACKETSTORMid:92842

Trust: 0.2

db:PACKETSTORMid:93637

Trust: 0.2

db:PACKETSTORMid:109005

Trust: 0.1

db:SEEBUGid:SSVID-69655

Trust: 0.1

db:SEEBUGid:SSVID-69526

Trust: 0.1

db:VULHUBid:VHN-44402

Trust: 0.1

db:VULMONid:CVE-2010-1797

Trust: 0.1

sources: CERT/CC: VU#275247 // VULHUB: VHN-44402 // VULMON: CVE-2010-1797 // BID: 42241 // BID: 42151 // JVNDB: JVNDB-2010-001892 // PACKETSTORM: 92842 // PACKETSTORM: 95653 // PACKETSTORM: 92722 // PACKETSTORM: 93637 // CNNVD: CNNVD-201008-143 // NVD: CVE-2010-1797

REFERENCES

url:http://secunia.com/advisories/40816

Trust: 3.4

url:http://support.apple.com/kb/ht4291

Trust: 2.6

url:http://support.apple.com/kb/ht4292

Trust: 2.6

url:http://www.f-secure.com/weblog/archives/00002002.html

Trust: 2.6

url:http://osvdb.org/66828

Trust: 2.6

url:http://secunia.com/advisories/40807

Trust: 2.6

url:http://www.vupen.com/english/advisories/2010/2018

Trust: 2.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=621144

Trust: 2.2

url:http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/news/view

Trust: 2.1

url:http://lists.apple.com/archives/security-announce/2010//aug/msg00000.html

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2010//aug/msg00001.html

Trust: 1.8

url:http://www.securityfocus.com/bid/42151

Trust: 1.8

url:http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

Trust: 1.8

url:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50

Trust: 1.8

url:http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc

Trust: 1.8

url:https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019

Trust: 1.8

url:http://www.exploit-db.com/exploits/14538

Trust: 1.8

url:http://secunia.com/advisories/40982

Trust: 1.8

url:http://secunia.com/advisories/48951

Trust: 1.8

url:http://www.ubuntu.com/usn/usn-972-1

Trust: 1.8

url:http://www.vupen.com/english/advisories/2010/2106

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/60856

Trust: 1.8

url:http://www.securityfocus.com/bid/42241

Trust: 1.6

url:http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone

Trust: 1.1

url:http://www.kb.cert.org/vuls/id/275247

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1797

Trust: 0.9

url:http://securitytracker.com/alerts/2010/aug/1024283.html

Trust: 0.8

url:https://rhn.redhat.com/errata/rhsa-2010-0607.html

Trust: 0.8

url:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00005.html

Trust: 0.8

url:http://jvn.jp/cert/jvnvu275247

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1797

Trust: 0.8

url:http://www.apple.com/iphone/softwareupdate/

Trust: 0.6

url:http://www.apple.com/iphone/

Trust: 0.6

url:http://www.apple.com/ipodtouch/

Trust: 0.6

url:http://twitter.com/comex/status/20918593762

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2010-1797

Trust: 0.4

url:http://www.foxitsoftware.com/pdf/reader/bugfix.php

Trust: 0.3

url:http://www.freetype.org/

Trust: 0.3

url:http://www.apple.com/ipad/

Trust: 0.3

url:http://www.foxitsoftware.com/announcements/2010861227.html

Trust: 0.3

url:http://blogs.sun.com/security/entry/cve_2010_1797_buffer_overflow

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100113739

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100156056

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-2805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2806

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2808

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2541

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2010-2807

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://github.com/cub3d/ipod_sun

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/14727/

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb

Trust: 0.1

url:http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb

Trust: 0.1

url:http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb

Trust: 0.1

url:http://corelabs.coresecurity.com].

Trust: 0.1

url:http://www.coresecurity.com/files/attachments/core_security_advisories.asc].

Trust: 0.1

url:http://enigmail.mozdev.org/

Trust: 0.1

url:http://corelabs.coresecurity.com/

Trust: 0.1

url:http://secunia.com/

Trust: 0.1

url:http://corelabs.coresecurity.com/index.php?module=wiki&action=view&type=researcher&name=anibal_sacco]

Trust: 0.1

url:http://www.coresecurity.com].

Trust: 0.1

url:http://corelabs.coresecurity.com/index.php?module=wiki&action=view&type=researcher&name=matias_eissler],

Trust: 0.1

url:http://www.coresecurity.com/content/apple-osx-atsserver-charstrings-sign-mismatch]

Trust: 0.1

url:http://creativecommons.org/licenses/by-nc-sa/3.0/us/]

Trust: 0.1

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.1

url:http://en.wikipedia.org/wiki/postscript_fonts#compact_font_format]

Trust: 0.1

url:http://www.mandriva.com/security/

Trust: 0.1

url:http://store.mandriva.com/product_info.php?cpath=149&products_id=490

Trust: 0.1

url:http://www.mandriva.com/security/advisories

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-3053

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb

Trust: 0.1

url:http://packages.debian.org/<pkg>

Trust: 0.1

url:http://security.debian.org/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb

Trust: 0.1

url:http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb

Trust: 0.1

sources: CERT/CC: VU#275247 // VULHUB: VHN-44402 // VULMON: CVE-2010-1797 // BID: 42241 // BID: 42151 // JVNDB: JVNDB-2010-001892 // PACKETSTORM: 92842 // PACKETSTORM: 95653 // PACKETSTORM: 92722 // PACKETSTORM: 93637 // CNNVD: CNNVD-201008-143 // NVD: CVE-2010-1797

CREDITS

Braden Thomas from Apple

Trust: 0.3

sources: BID: 42241

SOURCES

db:CERT/CCid:VU#275247
db:VULHUBid:VHN-44402
db:VULMONid:CVE-2010-1797
db:BIDid:42241
db:BIDid:42151
db:JVNDBid:JVNDB-2010-001892
db:PACKETSTORMid:92842
db:PACKETSTORMid:95653
db:PACKETSTORMid:92722
db:PACKETSTORMid:93637
db:CNNVDid:CNNVD-201008-143
db:NVDid:CVE-2010-1797

LAST UPDATE DATE

2025-01-21T21:04:54.969000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#275247date:2010-09-14T00:00:00
db:VULHUBid:VHN-44402date:2019-09-26T00:00:00
db:VULMONid:CVE-2010-1797date:2021-05-23T00:00:00
db:BIDid:42241date:2015-04-13T21:43:00
db:BIDid:42151date:2015-04-13T22:11:00
db:JVNDBid:JVNDB-2010-001892date:2010-11-02T00:00:00
db:CNNVDid:CNNVD-201008-143date:2019-09-27T00:00:00
db:NVDid:CVE-2010-1797date:2024-11-21T01:15:13.160

SOURCES RELEASE DATE

db:CERT/CCid:VU#275247date:2010-08-05T00:00:00
db:VULHUBid:VHN-44402date:2010-08-16T00:00:00
db:VULMONid:CVE-2010-1797date:2010-08-16T00:00:00
db:BIDid:42241date:2010-08-05T00:00:00
db:BIDid:42151date:2010-08-02T00:00:00
db:JVNDBid:JVNDB-2010-001892date:2010-08-30T00:00:00
db:PACKETSTORMid:92842date:2010-08-17T22:38:46
db:PACKETSTORMid:95653date:2010-11-09T01:58:48
db:PACKETSTORMid:92722date:2010-08-13T01:49:40
db:PACKETSTORMid:93637date:2010-09-09T02:40:54
db:CNNVDid:CNNVD-201008-143date:2010-08-19T00:00:00
db:NVDid:CVE-2010-1797date:2010-08-16T18:39:40.403