Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30366
HistoryMar 18, 2014 - 12:00 a.m.

[USN-2148-1] FreeType vulnerabilities

2014-03-1800:00:00
vulners.com
15
JSON

==========================================================================
Ubuntu Security Notice USN-2148-1
March 17, 2014

freetype vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10

Summary:

FreeType could be made to crash or run programs as your login if it opened
a specially crafted font file.

Software Description:

  • freetype: FreeType 2 is a font engine library

Details:

Mateusz Jurczyk discovered that FreeType did not correctly handle certain
malformed font files. If a user were tricked into using a specially crafted
font file, a remote attacker could cause FreeType to crash or possibly
execute arbitrary code with user privileges. (CVE-2014-2240, CVE-2014-2241)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
libfreetype6 2.4.12-0ubuntu1.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2148-1
CVE-2014-2240, CVE-2014-2241

Package Information:
https://launchpad.net/ubuntu/+source/freetype/2.4.12-0ubuntu1.1

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

openvas 12
securityvulns 1
fedora 8
mageia 2
ubuntu 1
nessus 11
seebug 2
prion 3
ubuntucve 3
debiancve 3
cve 3
gentoo 1
slackware 1
freebsd 1
f5 2
openvas
openvas
Ubuntu Update for freetype USN-2148-1
2014-03-20 00:00:00
Fedora Update for mingw-freetype FEDORA-2014-17580
2015-01-05 00:00:00
Fedora Update for mingw-freetype FEDORA-2014-6830
2014-06-17 00:00:00
securityvulns
securityvulns
FreeType memory corruption
2014-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mingw-freetype-2.5.4-1.fc20
2015-01-02 05:04:19
[SECURITY] Fedora 20 Update: freetype-2.5.0-7.fc20
2015-01-03 19:05:23
[SECURITY] Fedora 19 Update: mingw-freetype-2.4.12-3.fc19
2014-06-10 02:59:37
mageia
mageia
Updated freetype2 packages fix security vulnerabilities
2014-03-15 20:26:54
Updated freetype2 packages fix security vulnerability
2014-12-13 23:16:05
ubuntu
ubuntu
FreeType vulnerabilities
2014-03-17 00:00:00
nessus
nessus
Fedora 19 : mingw-freetype-2.4.12-3.fc19 (2014-6833)
2014-06-10 00:00:00
Fedora 20 : mingw-freetype-2.5.0.1-2.fc20 (2014-6830)
2014-06-10 00:00:00
Ubuntu 13.10 : freetype vulnerabilities (USN-2148-1)
2014-03-18 00:00:00
seebug
seebug
FreeType 'src/cff/cf2ft.c'θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-03-11 00:00:00
FreeType 'src/cff/cf2hints.c'θΏœη¨‹ζ ˆηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2014-03-11 00:00:00
prion
prion
Design/Logic Flaw
2014-03-18 17:04:00
Stack overflow
2014-03-12 14:55:00
Stack overflow
2015-02-08 11:59:00
ubuntucve
ubuntucve
CVE-2014-2241
2014-03-12 00:00:00
CVE-2014-9659
2015-02-08 00:00:00
CVE-2014-2240
2014-03-12 00:00:00
debiancve
debiancve
CVE-2014-2241
2014-03-18 17:04:00
CVE-2014-2240
2014-03-12 14:55:00
CVE-2014-9659
2015-02-08 11:59:00
cve
cve
CVE-2014-2241
2014-03-18 17:04:00
CVE-2014-2240
2014-03-12 14:55:00
CVE-2014-9659
2015-02-08 11:59:00
gentoo
gentoo
FreeType: Arbitrary code execution
2014-08-09 00:00:00
slackware
slackware
[slackware-security] freetype
2015-01-17 06:43:52
freebsd
freebsd
freetype -- Out of bounds stack-based read/write
2014-12-07 00:00:00
f5
f5
K16380 : FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00
SOL16380 - FreeType vulnerabilities CVE-2014-9656 and CVE-2014-9659
2015-04-09 00:00:00
JSON
Related for SECURITYVULNS:DOC:30366
openvas12securityvulns1fedora8mageia2ubuntu1nessus11seebug2prion3ubuntucve3debiancve3cve3gentoo1slackware1freebsd1f52