ID de Prueba:	1.3.6.1.4.1.25623.1.0.901143
Categoría:	Denial of Service
Título:	FreeType Memory Corruption and Buffer Overflow Vulnerabilities - Windows
Resumen:	FreeType is prone to multiple vulnerabilities.
Descripción:	Summary: FreeType is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error in the 'demo' programs. - A heap-based buffer overflow in the 'Ins_IUP function()' in 'truetype/ttinterp.c' and 'Mac_Read_POST_Resource()' function in ' base/ftobjs.c'. - An integer overflow in the 'gray_render_span()' function in 'smooth/ftgrays.c' and integer underflow in 'glyph' handling. - A Buffer overflow in the 'Mac_Read_POST_Resource()' function in 'base/ftobjs.c'. - An error in the 'psh_glyph_find_strong_pointr()' function in 'pshinter/pshalgo.c'. when processing malformed font files. Vulnerability Impact: Successful exploitation may allow attackers to execute arbitrary code in the context of an application that uses the affected library. Failed exploitation attempts will likely result in denial-of-service conditions. Affected Software/OS: FreeType versions prior to 2.4.0 Solution: Upgrade to FreeType version 2.4.2 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2497 48951 http://secunia.com/advisories/48951 APPLE-SA-2010-11-10-1 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html DSA-2070 http://www.debian.org/security/2010/dsa-2070 MDVSA-2010:137 http://www.mandriva.com/security/advisories?name=MDVSA-2010:137 [freetype] 20100712 FreeType 2.4.0 has been released http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html [oss-security] 20100713 Multiple bugs in freetype http://marc.info/?l=oss-security&m=127905701201340&w=2 [oss-security] 20100714 Re: Multiple bugs in freetype http://marc.info/?l=oss-security&m=127909326909362&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7d3d2cc4fef72c6be9c454b3809c387e12b44cfc http://support.apple.com/kb/HT4435 https://bugzilla.redhat.com/show_bug.cgi?id=613154 https://savannah.nongnu.org/bugs/?30082 https://savannah.nongnu.org/bugs/?30083 Common Vulnerability Exposure (CVE) ID: CVE-2010-2498 1024266 http://securitytracker.com/id?1024266 RHSA-2010:0578 http://www.redhat.com/support/errata/RHSA-2010-0578.html USN-963-1 http://www.ubuntu.com/usn/USN-963-1 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8d22746c9e5af80ff4304aef440986403a5072e2 https://bugzilla.redhat.com/show_bug.cgi?id=613160 https://savannah.nongnu.org/bugs/?30106 Common Vulnerability Exposure (CVE) ID: CVE-2010-2499 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=c69891a1345640096fbf396e8dd567fe879ce233 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f29f741efbba0a5ce2f16464f648fb8d026ed4c8 https://bugzilla.redhat.com/show_bug.cgi?id=613162 https://savannah.nongnu.org/bugs/?30248 https://savannah.nongnu.org/bugs/?30249 Common Vulnerability Exposure (CVE) ID: CVE-2010-2500 RHSA-2010:0577 http://www.redhat.com/support/errata/RHSA-2010-0577.html http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee https://bugzilla.redhat.com/show_bug.cgi?id=613167 https://savannah.nongnu.org/bugs/?30263 Common Vulnerability Exposure (CVE) ID: CVE-2010-2519 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5ef20c8c1d4de12a84b50ba497c2a358c90ec44b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b2ea64bcc6c385a8e8318f9c759450a07df58b6d https://bugzilla.redhat.com/show_bug.cgi?id=613194 https://savannah.nongnu.org/bugs/?30306 Common Vulnerability Exposure (CVE) ID: CVE-2010-2520 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=888cd1843e935fe675cf2ac303116d4ed5b9d54b https://bugzilla.redhat.com/show_bug.cgi?id=613198 https://savannah.nongnu.org/bugs/?30361 Common Vulnerability Exposure (CVE) ID: CVE-2010-2527 http://marc.info/?l=oss-security&m=127912955808467&w=2 http://git.savannah.gnu.org/cgit/freetype/freetype2-demos.git/commit/?id=b995299b73ba4cd259f221f500d4e63095508bec http://savannah.nongnu.org/bugs/?30054 https://bugzilla.redhat.com/show_bug.cgi?id=614557
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.