Mandriva Linux Security Advisory : freetype2 (MDVSA-2013:039)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated freetype2 packages fix security vulnerabilities :

A NULL pointer dereference flaw was found in the way the FreeType font
rendering engine handled Glyph Bitmap Distribution Format (BDF) fonts.
A remote attacker could provide a specially crafted BDF font file,
which, once processed in an application linked against FreeType, would
cause that application to crash (CVE-2012-5668).

An out-of-bounds heap-based buffer read flaw was found in the way the
FreeType font rendering engine parsed glyph information and relevant
bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A remote
attacker could provide a specially crafted BDF font file, which, once
opened in an application linked against FreeType, would cause that
application to crash (CVE-2012-5669).

An out-of-bounds heap-based buffer write flaw was found in the way the
FreeType font rendering engine parsed glyph information and relevant
bitmaps for Glyph Bitmap Distribution Format (BDF) fonts. A remote
attacker could provide a specially crafted font file, which, once
opened in an application linked against FreeType, would cause that
application to crash or, potentially, lead to arbitrary code execution
with the privileges of the user running the application (CVE-2012-5670).

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66053

Bugtraq ID: 57041

CVE ID: CVE-2012-5668
CVE-2012-5669
CVE-2012-5670
