Detections
Analytics
GLSA-201201-09 : FreeType: Multiple vulnerabilities
high Nessus Plugin ID 57651
Language:
Synopsis
The remote Gentoo host is missing one or more security-related patches.Description
The remote host is affected by the vulnerability described in GLSA-201201-09 (FreeType: Multiple vulnerabilities)Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could entice a user to open a specially crafted font, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.
Workaround :
There is no known workaround at this time.
Solution
All FreeType users should upgrade to the latest version:# emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/freetype-2.4.8'
See Also
Plugin Details
Severity: High
ID: 57651
File Name: gentoo_GLSA-201201-09.nasl
Version: 1.13
Type: local
Family: Gentoo Local Security Checks
Published: 1/24/2012
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.2
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:gentoo:linux:freetype, cpe:/o:gentoo:linux
Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/23/2012
Exploitable With
CANVAS (White_Phosphorus)
Core Impact
Reference Information
CVE: CVE-2010-1797, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054, CVE-2010-3311, CVE-2010-3814, CVE-2010-3855, CVE-2011-0226, CVE-2011-3256, CVE-2011-3439
BID: 41663, 42151, 42241, 42285, 42621, 42624, 43700, 44214, 44643, 48619, 50155, 50643
GLSA: 201201-09