Detections
Analytics
Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:006)
medium Nessus Plugin ID 64504
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Multiple vulnerabilities has been found and corrected in freetype2 :A NULL pointer de-reference flaw was found in the way Freetype font rendering engine handled Glyph bitmap distribution format (BDF) fonts.
A remote attacker could provide a specially crafted BDF font file, which once processed in an application linked against FreeType would lead to that application crash (CVE-2012-5668).
An out-of heap-based buffer read flaw was found in the way FreeType font rendering engine performed parsing of glyph information and relevant bitmaps for glyph bitmap distribution format (BDF). A remote attacker could provide a specially crafted BDF font file, which once opened in an application linked against FreeType would lead to that application crash (CVE-2012-5669).
The updated packages have been patched to correct these issues.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 64504
File Name: mandriva_MDVSA-2013-006.nasl
Version: 1.9
Type: local
Family: Mandriva Local Security Checks
Published: 2/9/2013
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64freetype6, p-cpe:/a:mandriva:linux:libfreetype6-static-devel, cpe:/o:mandriva:linux:2011, p-cpe:/a:mandriva:linux:lib64freetype6-devel, p-cpe:/a:mandriva:linux:lib64freetype6-static-devel, p-cpe:/a:mandriva:linux:libfreetype6-devel, p-cpe:/a:mandriva:linux:libfreetype6, p-cpe:/a:mandriva:linux:freetype2-demos
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/1/2013
Reference Information
CVE: CVE-2012-5668, CVE-2012-5669
BID: 57041
MDVSA: 2013:006