FreeBSD : freetype2 -- execute arbitrary code or cause denial of service (5d374b01-c3ee-11e0-8aa5-485d60cb5385)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Vincent Danen reports :

Due to an error within the t1_decoder_parse_charstrings() function
(src/psaux/t1decode.c) and can be exploited to corrupt memory by
tricking a user into processing a specially crafted postscript Type1
font in an application that uses the freetype library.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226
http://www.nessus.org/u?83651167

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 55822

Bugtraq ID:

CVE ID: CVE-2011-0226
