CVE-2011-0226

Publication date 19 July 2011

Last updated 24 July 2024


Ubuntu priority

Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.


Status

| Package | Ubuntu Release | Status |
|---|---|---|
| freetype | 11.04 natty | Fixed 2.4.4-1ubuntu2.1 |
| freetype | 10.10 maverick | Fixed 2.4.2-2ubuntu0.2 |
| freetype | 10.04 LTS lucid | Not affected |
| freetype | 8.04 LTS hardy | Not affected |

Notes


mdeslaur

don't see issue with valgrind on 2.3.x, marking hardy and lucid as not-affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates.

Package Patch details
freetype