CVE-2010-3311

Related Files

Gentoo Linux Security Advisory 201201-09

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-9 - Multiple vulnerabilities have been found in FreeType, allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service. Versions less than 2.4.8 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2010-1797, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054, CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2011-0226, CVE-2011-3256, CVE-2011-3439

SHA-256 | c2f545da77d59dcae89071ef5db306706481440c4f480de96b07a59229faf95e

Download | Favorite | View

Ubuntu Security Notice 1013-1

Posted Nov 5, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1013-1 - Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2010-3311, CVE-2010-3814, CVE-2010-3855

SHA-256 | a7844c918a1287ebbeb10049ad6777cfc78db17becfe0ec9fc5d86eda02f4746

Download | Favorite | View

Mandriva Linux Security Advisory 2010-201

Posted Oct 14, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-201 - Marc Schoenefeld found an input stream position error in the way FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library, it could cause the application to crash or, possibly execute arbitrary code (integer overflow leading to heap-based buffer overflow in the libXft library) with the privileges of the user running the application. Different vulnerability than CVE-2010-1797.

tags | advisory, overflow, arbitrary

systems | linux, mandriva

advisories | CVE-2010-3311

SHA-256 | cf77ad478e89a3ba2c6046a48e6f32429662f19ea59b6368bbb43895bb0b789e

Download | Favorite | View

Debian Linux Security Advisory 2116-1

Posted Oct 5, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2116-1 - Marc Schoenefeld has found an input stream position error in the way the FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or, possibly execute arbitrary code.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2010-3311

SHA-256 | 910f30cacded6a419b51fd3cb37ad51bfa809bcf0020a5c6a230b1cb04e23e2b

Download | Favorite | View