VAR-201008-0306
Vulnerability from variot - Updated: 2026-04-10 22:16Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. FreeType 2 Is CFF A vulnerability exists in the handling of fonts. FreeType Is a library for handling various types of font files. FreeType 2 Is CFF A vulnerability exists in the processing of fonts that causes a stack corruption. Attack activity using this vulnerability has been confirmed.Crafted CFF Font FreeType 2 By loading it with an application that uses, arbitrary code may be executed by a remote third party. FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. This BID has been updated to reflect details that may have been included in BID 42151. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability that affects the 'IOSurface' component. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. iOS versions 4.0.1 and prior are vulnerable. NOTE (August 12, 2010): This BID was previously titled 'Apple iOS Multiple Vulnerabilities' and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/freetype < 2.4.8 >= 2.4.8
Description
Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All FreeType users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
[ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch
- Advisory Information
Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-0825 Advisory URL: [http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch] Date published: 2010-11-08 Date of last update: 2010-11-08 Vendors contacted: Apple Release mode: User release
- Vulnerability Information
Class: Input validation error [CWE-20] Impact: Code execution Remotely Exploitable: Yes (client-side) Locally Exploitable: No CVE Name: CVE-2010-1797 Bugtraq ID: N/A
- Vulnerability Description
The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure.
This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).
- Vulnerable packages
. Apple Mac OS X v10.5.x
- Solutions and Workarounds
According to information provided to us by Apple, a patch for this fix has already been developed. Apple provided us a release date for this patch in two opportunities but then failed to meet their our deadlines without giving us any notice or explanation.
Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible.
- Credits
This vulnerability was discovered and researched by Anibal Sacco [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Anibal_Sacco] and Matias Eissler [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Matias_Eissler], from Core Security Technologies. Publication was coordinated by Fernando Russ and Pedro Varangot.
- Technical Description
When loading a PDF with an embedded CFF font a sign mismatch error exists in ATSServer when handling the last offset value of the CharStrings INDEX structure.
This could be triggered in different ways:
. When trying to make a thumbnail of the file . When trying to open the file with the Preview app . Serving the file in a web server and tricking the user to click on it. Embedded in an email (if handled by Mail.app)
This allows to corrupt the process memory by controlling the size parameter of a memcpy function call allowing an attacker to get code execution.
At [00042AFA] we can see how the value obtained from the file is sign extended prior to be passed to the function loc_370F0. Inside this function this value will be used as the size parameter of memcpy:
/----- 00042AF2 movsx eax, word ptr [edx+5Eh] 00042AF6 mov [esp+0Ch], eax 00042AFA movsx eax, word ptr [esi+4] 00042AFE mov [esp], edi 00042B01 mov [esp+8], eax 00042B05 mov eax, [ebp-2Ch] 00042B08 mov [esp+4], eax 00042B0C call loc_370F0
- -----/ An attacker could take advantage of this condition by setting a negative offset value (0xfffa) in the file that will be converted to a DWORD without enough validation leading to a memcpy of size 0xfffffffa.
This vulnerability results in arbitrary code execution.
- Report Timeline
. 2010-08-26: Vendor contacted, a draft of this advisory is sent and September 28th is proposed as a coordinated publication date. Core remarks that since this is a variation of a publicly disclossed vulnerability it may have already been discovered by other security researchers like vulnerability research brokers or independent security researchers. 2010-08-28: The Apple Product Security team acknowledges the report, saying that they were able to reproduce the issue in Mac OS X 10.5 but not in Mac OS X 10.6, they also said that the deadline for September 28th will be imposible to meet. 2010-08-30: Core informs Apple that there is no problem changing the publication date for the report, whenever the new publication date remains reasonable. Also, Core asks for a tentive timeframe for the fix, and confirm that Mac OS X 10.6 does not seem to be affected. 2010-08-31: Apple acknowledges the comunication informing the publication timing, and state that they are still trying to determine the most appropiate timeframe. 2010-09-28: Core asks the vendor for an update regarding this issue. Also, Core asks for a specific timeframe for the fix, and sets October 18th as tentative publication date. 2010-09-28: Apple acknowledges the comunication informing that this issue will be fixed in the next security update of Mac OS X 10.5, which is tentatively scheduled for the end of October without a firm date of publication. 2010-08-31: Apple asks Core about credit information for the advisory. 2010-09-28: Core acknowledges the comunication sending the credit information for this report. 2010-10-20: Core asks Apple for a firm date for the release of this securiry issue since the initial propossed timeframe of October 18th is due. 2010-10-22: Apple acknowledges the comunication informing that the publication date is scheduled to the week of October 25th. Also, Apple notifies that the assigned identifier for this vulnerability is CVE-2010-1797. 2010-11-01: Core asks Apple for a new schedule for the publication, since there was no notice of any Apple security update during the week of October 25th. 2010-11-01: Apple acknowledges the communication informing that the publication date was rescheduled to the middle of the week of November 1st. 2010-11-03: Core informs Apple that the publication of this advisory was scheduled to Monday 8th, taking into account the last communication this is a final publication date. Core also informs that the information about how this vulnerability was found and how it can be exploited will be discussed in a small infosec related local event in Buenos Aires city. 2010-11-08: Core publishes advisory CORE-2010-0825.
- References
[1] [http://en.wikipedia.org/wiki/PostScript_fonts#Compact_Font_Format]
- About CoreLabs
CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: [http://corelabs.coresecurity.com].
- About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at [http://www.coresecurity.com].
- Disclaimer
The contents of this advisory are copyright (c) 2010 Core Security Technologies and (c) 2010 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]
- PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at [http://www.coresecurity.com/files/attachments/core_security_advisories.asc].
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkzYayoACgkQyNibggitWa2PMgCfSvLwR5OgWfmFIwpONWL+dMa3 njEAnjIZFF+zG/wWK3IscWx3VyNW5F30 =XULv -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 https://bugzilla.redhat.com/show_bug.cgi?id=621144
Updated Packages:
Mandriva Linux 2008.0: e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm
Mandriva Linux 2009.0: ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm
Mandriva Linux 2009.1: ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm
Mandriva Linux 2010.0: faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm
Mandriva Linux 2010.1: 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm
Mandriva Linux 2010.1/X86_64: a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm
Corporate 4.0: 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm
Corporate 4.0/X86_64: cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64: 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm 46cbqAt0xVJvR5AdhA3z/FY= =T9it -----END PGP SIGNATURE----- .
CVE-2010-3053
bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.
For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny3
For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 2.4.2-1
We recommend that you upgrade your freetype package.
Upgrade instructions
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde
arm architecture (ARM)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531
These files will probably be moved into the stable distribution on its next update
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.1.5"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "1.1.4"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2.0.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.3"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.3"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.0.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.0.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "2.1.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.0"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.1.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "3.1.2"
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "debian gnu linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "f5",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "foxit",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "suse linux",
"version": null
},
{
"_id": null,
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wind river",
"version": null
},
{
"_id": null,
"model": "freetype",
"scope": "lt",
"trust": 0.8,
"vendor": "freetype",
"version": "2.4.2 earlier"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.0 to 4.0.1 (iphone 3g after )"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.1 to 4.0 (ipod touch after )"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.2 and 3.2.1 (ipad for )"
},
{
"_id": null,
"model": "ipad",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "iphone",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "ipod touch",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"_id": null,
"model": "opensolaris",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "8"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "oracle",
"version": "9"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0 (x86-64)"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0"
},
{
"_id": null,
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "4.0 (x86-64)"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0"
},
{
"_id": null,
"model": "turbolinux appliance server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "3.0 (x64)"
},
{
"_id": null,
"model": "turbolinux client",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "2008"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11"
},
{
"_id": null,
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "11 (x64)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "3.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"_id": null,
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"_id": null,
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.6,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "linux",
"scope": null,
"trust": 0.6,
"vendor": "gentoo",
"version": null
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.3"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.2"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.3"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.0"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "ipad",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.1"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "4"
},
{
"_id": null,
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "3.2"
},
{
"_id": null,
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "4.0.2"
},
{
"_id": null,
"model": "ios",
"scope": "ne",
"trust": 0.6,
"vendor": "apple",
"version": "3.2.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.10"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "9.04"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts lpia",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "8.04"
},
{
"_id": null,
"model": "linux lts sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "6.06"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"_id": null,
"model": "linux enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "9"
},
{
"_id": null,
"model": "linux enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"_id": null,
"model": "linux enterprise sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"_id": null,
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris svn 126",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 98",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 94",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 93",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 74",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 71",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 58",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 56",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 54",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 51",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 49",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 48",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 47",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 45",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 41",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 38",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 37",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 35",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 28",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 111",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 110",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 109",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 108",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 107",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 106",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 105",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 104",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 103",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 102",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101a",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 101",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 02",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris build snv 01",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 0.3,
"vendor": "sun",
"version": "0"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.3"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.2"
},
{
"_id": null,
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.1"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"_id": null,
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "enterprise linux client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"_id": null,
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20090"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2010.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.1"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2009.0"
},
{
"_id": null,
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"_id": null,
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"_id": null,
"model": "corporate server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "corporate server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "4.0"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.4"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.6"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.5"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.4"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.3.3"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2.10"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2.1"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.10"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.9"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.1.7"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.0.9"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.0.6"
},
{
"_id": null,
"model": "freetype",
"scope": "eq",
"trust": 0.3,
"vendor": "freetype",
"version": "2.2"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "4.1.1"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.1.10928"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "4.1"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.2.10401"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.20303"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.0.2009.1301"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "4.0"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.2"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.1.4.1125"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.01817"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.01506"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "3.0"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "2.33902"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "2.32923"
},
{
"_id": null,
"model": "reader build",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "2.32825"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "2.3"
},
{
"_id": null,
"model": "reader",
"scope": "eq",
"trust": 0.3,
"vendor": "foxit",
"version": "2.2"
},
{
"_id": null,
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mipsel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux m68k",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux hppa",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux armel",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux alpha",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "voice portal sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "voice portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "voice portal",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.3"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"_id": null,
"model": "proactive contact",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "messaging storage server mm3.0",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "messaging storage server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "messaging storage server",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "message networking mn",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "message networking",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"_id": null,
"model": "message networking",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "ir",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.1"
},
{
"_id": null,
"model": "iq",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5"
},
{
"_id": null,
"model": "intuity audix lx r1.1",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"_id": null,
"model": "intuity audix lx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "intuity audix lx sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"_id": null,
"model": "intuity audix lx",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.2"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.1"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "16.0"
},
{
"_id": null,
"model": "cms server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "15.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system platform",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "aura system manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura system manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "aura session manager",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura presence services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"_id": null,
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "6.0"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2.1"
},
{
"_id": null,
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.2"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "ipod touch",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"_id": null,
"model": "iphone",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"_id": null,
"model": "opensolaris build snv 111b",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"_id": null,
"model": "reader",
"scope": "ne",
"trust": 0.3,
"vendor": "foxit",
"version": "4.1.1.0805"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#275247"
},
{
"db": "BID",
"id": "42241"
},
{
"db": "BID",
"id": "42151"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "NVD",
"id": "CVE-2010-1797"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:freetype:freetype",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipad",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:iphone",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:apple:ipod_touch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:oracle:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_appliance_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
}
]
},
"credits": {
"_id": null,
"data": "Braden Thomas from Apple",
"sources": [
{
"db": "BID",
"id": "42241"
}
],
"trust": 0.3
},
"cve": "CVE-2010-1797",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-1797",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-44402",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-1797",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#275247",
"trust": 0.8,
"value": "13.39"
},
{
"author": "NVD",
"id": "CVE-2010-1797",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201008-143",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-44402",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-1797",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#275247"
},
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "VULMON",
"id": "CVE-2010-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "NVD",
"id": "CVE-2010-1797"
}
]
},
"description": {
"_id": null,
"data": "Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. FreeType 2 Is CFF A vulnerability exists in the handling of fonts. FreeType Is a library for handling various types of font files. FreeType 2 Is CFF A vulnerability exists in the processing of fonts that causes a stack corruption. Attack activity using this vulnerability has been confirmed.Crafted CFF Font FreeType 2 By loading it with an application that uses, arbitrary code may be executed by a remote third party. FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. This BID has been updated to reflect details that may have been included in BID 42151. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability that affects the \u0027IOSurface\u0027 component. \nSuccessfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. \niOS versions 4.0.1 and prior are vulnerable. \nNOTE (August 12, 2010): This BID was previously titled \u0027Apple iOS Multiple Vulnerabilities\u0027 and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 media-libs/freetype \u003c 2.4.8 \u003e= 2.4.8\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in FreeType. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll FreeType users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=media-libs/freetype-2.4.8\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797\n[ 2 ] CVE-2010-2497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497\n[ 3 ] CVE-2010-2498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498\n[ 4 ] CVE-2010-2499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499\n[ 5 ] CVE-2010-2500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500\n[ 6 ] CVE-2010-2519\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519\n[ 7 ] CVE-2010-2520\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520\n[ 8 ] CVE-2010-2527\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527\n[ 9 ] CVE-2010-2541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541\n[ 10 ] CVE-2010-2805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805\n[ 11 ] CVE-2010-2806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806\n[ 12 ] CVE-2010-2807\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807\n[ 13 ] CVE-2010-2808\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808\n[ 14 ] CVE-2010-3053\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053\n[ 15 ] CVE-2010-3054\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054\n[ 16 ] CVE-2010-3311\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311\n[ 17 ] CVE-2010-3814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814\n[ 18 ] CVE-2010-3855\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855\n[ 19 ] CVE-2011-0226\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226\n[ 20 ] CVE-2011-3256\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256\n[ 21 ] CVE-2011-3439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-09.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n Core Security Technologies - CoreLabs Advisory\n http://corelabs.coresecurity.com/\n\nApple OS X ATSServer CFF CharStrings INDEX Sign Mismatch\n\n\n\n1. *Advisory Information*\n\nTitle: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch\nAdvisory Id: CORE-2010-0825\nAdvisory URL:\n[http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch]\nDate published: 2010-11-08\nDate of last update: 2010-11-08\nVendors contacted: Apple\nRelease mode: User release\n\n\n\n2. *Vulnerability Information*\n\nClass: Input validation error [CWE-20]\nImpact: Code execution\nRemotely Exploitable: Yes (client-side)\nLocally Exploitable: No\nCVE Name: CVE-2010-1797\nBugtraq ID: N/A\n\n\n\n3. *Vulnerability Description*\n\nThe Apple Type Services is prone to memory corruption due a sign\nmismatch vulnerability when handling the last offset value of the\nCharStrings INDEX structure. \n\nThis vulnerability is a variation of the vulnerability labeled as\nCVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation). \n\n\n4. *Vulnerable packages*\n\n . Apple Mac OS X v10.5.x\n\n\n5. *Solutions and Workarounds*\n\nAccording to information provided to us by Apple, a patch for this fix\nhas already been developed. Apple provided us a release date for this\npatch in two opportunities but then failed to meet their our deadlines\nwithout giving us any notice or explanation. \n\nApple Mac OSX 10.6 is not affected by this vulnerability, upgrading to\nthis version is highly recommed when possible. \n\n\n6. *Credits*\n\nThis vulnerability was discovered and researched by Anibal Sacco\n[http://corelabs.coresecurity.com/index.php?module=Wiki\u0026action=view\u0026type=researcher\u0026name=Anibal_Sacco]\nand Matias Eissler\n[http://corelabs.coresecurity.com/index.php?module=Wiki\u0026action=view\u0026type=researcher\u0026name=Matias_Eissler],\nfrom Core Security Technologies. Publication was coordinated by Fernando\nRuss and Pedro Varangot. \n\n\n7. *Technical Description*\n\nWhen loading a PDF with an embedded CFF font a sign mismatch error\nexists in ATSServer when handling the last offset value of the\nCharStrings INDEX structure. \n\nThis could be triggered in different ways:\n\n . When trying to make a thumbnail of the file\n . When trying to open the file with the Preview app\n . Serving the file in a web server and tricking the user to click on it. Embedded in an email (if handled by Mail.app)\n\nThis allows to corrupt the process memory by controlling the size\nparameter of a memcpy function call allowing an attacker to get code\nexecution. \n\nAt [00042AFA] we can see how the value obtained from the file is sign\nextended prior to be passed to the function loc_370F0. Inside this\nfunction this value will be used as the size parameter of memcpy:\n\n/-----\n 00042AF2 movsx eax, word ptr [edx+5Eh]\n 00042AF6 mov [esp+0Ch], eax\n 00042AFA movsx eax, word ptr [esi+4]\n 00042AFE mov [esp], edi\n 00042B01 mov [esp+8], eax\n 00042B05 mov eax, [ebp-2Ch]\n 00042B08 mov [esp+4], eax\n 00042B0C call loc_370F0\n\n- -----/\n An attacker could take advantage of this condition by setting a\nnegative offset value (0xfffa) in the file that will be converted to a\nDWORD without enough validation leading to a memcpy of size 0xfffffffa. \n\nThis vulnerability results in arbitrary code execution. \n\n\n\n8. *Report Timeline*\n\n. 2010-08-26:\nVendor contacted, a draft of this advisory is sent and September 28th is\nproposed as a coordinated publication date. Core remarks that since this\nis a variation of a publicly disclossed vulnerability it may have\nalready been discovered by other security researchers like vulnerability\nresearch brokers or independent security researchers. 2010-08-28:\nThe Apple Product Security team acknowledges the report, saying that\nthey were able to reproduce the issue in Mac OS X 10.5 but not in Mac OS\nX 10.6, they also said that the deadline for September 28th will be\nimposible to meet. 2010-08-30:\nCore informs Apple that there is no problem changing the publication\ndate for the report, whenever the new publication date remains\nreasonable. Also, Core asks for a tentive timeframe for the fix, and\nconfirm that Mac OS X 10.6 does not seem to be affected. 2010-08-31:\nApple acknowledges the comunication informing the publication timing,\nand state that they are still trying to determine the most appropiate\ntimeframe. 2010-09-28:\nCore asks the vendor for an update regarding this issue. Also, Core asks\nfor a specific timeframe for the fix, and sets October 18th as tentative\npublication date. 2010-09-28:\nApple acknowledges the comunication informing that this issue will be\nfixed in the next security update of Mac OS X 10.5, which is tentatively\nscheduled for the end of October without a firm date of publication. 2010-08-31:\nApple asks Core about credit information for the advisory. 2010-09-28:\nCore acknowledges the comunication sending the credit information for\nthis report. 2010-10-20:\nCore asks Apple for a firm date for the release of this securiry issue\nsince the initial propossed timeframe of October 18th is due. 2010-10-22:\nApple acknowledges the comunication informing that the publication date\nis scheduled to the week of October 25th. Also, Apple notifies that the\nassigned identifier for this vulnerability is CVE-2010-1797. 2010-11-01:\nCore asks Apple for a new schedule for the publication, since there was\nno notice of any Apple security update during the week of October 25th. 2010-11-01:\nApple acknowledges the communication informing that the publication date\nwas rescheduled to the middle of the week of November 1st. 2010-11-03:\nCore informs Apple that the publication of this advisory was scheduled\nto Monday 8th, taking into account the last communication this is a\nfinal publication date. Core also informs that the information about how\nthis vulnerability was found and how it can be exploited will be\ndiscussed in a small infosec related local event in Buenos Aires city. 2010-11-08:\nCore publishes advisory CORE-2010-0825. \n\n\n\n9. *References*\n\n[1] [http://en.wikipedia.org/wiki/PostScript_fonts#Compact_Font_Format]\n\n\n10. *About CoreLabs*\n\nCoreLabs, the research center of Core Security Technologies, is charged\nwith anticipating the future needs and requirements for information\nsecurity technologies. We conduct our research in several important\nareas of computer security including system vulnerabilities, cyber\nattack planning and simulation, source code auditing, and cryptography. \nOur results include problem formalization, identification of\nvulnerabilities, novel solutions and prototypes for new technologies. \nCoreLabs regularly publishes security advisories, technical papers,\nproject information and shared software tools for public use at:\n[http://corelabs.coresecurity.com]. \n\n\n11. *About Core Security Technologies*\n\nCore Security Technologies develops strategic solutions that help\nsecurity-conscious organizations worldwide develop and maintain a\nproactive process for securing their networks. The company\u0027s flagship\nproduct, CORE IMPACT, is the most comprehensive product for performing\nenterprise security assurance testing. CORE IMPACT evaluates network,\nendpoint and end-user vulnerabilities and identifies what resources are\nexposed. It enables organizations to determine if current security\ninvestments are detecting and preventing attacks. Core Security\nTechnologies augments its leading technology solution with world-class\nsecurity consulting services, including penetration testing and software\nsecurity auditing. Based in Boston, MA and Buenos Aires, Argentina, Core\nSecurity Technologies can be reached at 617-399-6980 or on the Web at\n[http://www.coresecurity.com]. \n\n\n12. *Disclaimer*\n\nThe contents of this advisory are copyright (c) 2010 Core Security\nTechnologies and (c) 2010 CoreLabs, and are licensed under a Creative\nCommons Attribution Non-Commercial Share-Alike 3.0 (United States)\nLicense: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/]\n\n\n13. *PGP/GPG Keys*\n\nThis advisory has been signed with the GPG key of Core Security\nTechnologies advisories team, which is available for download at\n[http://www.coresecurity.com/files/attachments/core_security_advisories.asc]. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.12 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAkzYayoACgkQyNibggitWa2PMgCfSvLwR5OgWfmFIwpONWL+dMa3\nnjEAnjIZFF+zG/wWK3IscWx3VyNW5F30\n=XULv\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n \n Packages for 2008.0 and 2009.0 are provided as of the Extended\n Maintenance Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797\n https://bugzilla.redhat.com/show_bug.cgi?id=621144\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm\n ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm\n 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm \n 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm\n d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm\n 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm \n 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm\n 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm\n bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm \n 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm\n c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm\n 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm \n 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm\n dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm\n aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm \n aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm\n 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm\n 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm \n aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm\n 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm\n ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm \n 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm\n eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm\n 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm \n 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm\n 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm\n c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm \n 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm\n 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm\n 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm \n 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm\n\n Corporate 4.0:\n 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm\n 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm\n 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm \n e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm\n 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm\n 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm \n e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm\n bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm\n 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm \n d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm\n 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm\n 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm \n d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm\n46cbqAt0xVJvR5AdhA3z/FY=\n=T9it\n-----END PGP SIGNATURE-----\n. \n\nCVE-2010-3053\n\n bdf/bdflib.c in FreeType allows remote attackers to cause a denial of\n service (application crash) via a crafted BDF font file, related to\n an attempted modification of a value in a static string. \n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3\n\nFor the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 2.4.2-1\n\n\nWe recommend that you upgrade your freetype package. \n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. \n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz\n Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc\n Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb\n Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb\n Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb\n Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb\n Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb\n Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb\n Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb\n Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb\n Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb\n Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb\n Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb\n Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb\n Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb\n Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb\n Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb\n Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb\n Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb\n Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb\n Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb\n Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb\n Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb\n Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb\n Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531\n\n\n These files will probably be moved into the stable distribution on\n its next update",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1797"
},
{
"db": "CERT/CC",
"id": "VU#275247"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "BID",
"id": "42241"
},
{
"db": "BID",
"id": "42151"
},
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "VULMON",
"id": "CVE-2010-1797"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "95653"
},
{
"db": "PACKETSTORM",
"id": "92722"
},
{
"db": "PACKETSTORM",
"id": "93637"
}
],
"trust": 3.42
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=14727",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-44402",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "VULMON",
"id": "CVE-2010-1797"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2010-1797",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "40816",
"trust": 3.4
},
{
"db": "SECUNIA",
"id": "40807",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2010-2018",
"trust": 2.6
},
{
"db": "OSVDB",
"id": "66828",
"trust": 2.6
},
{
"db": "BID",
"id": "42151",
"trust": 2.1
},
{
"db": "BID",
"id": "42241",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "40982",
"trust": 1.8
},
{
"db": "SECUNIA",
"id": "48951",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "14538",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2010-2106",
"trust": 1.8
},
{
"db": "CERT/CC",
"id": "VU#275247",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1024283",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "14727",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "109005",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92722",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "95653",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "93637",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "92842",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-69655",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-69526",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-44402",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-1797",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#275247"
},
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "VULMON",
"id": "CVE-2010-1797"
},
{
"db": "BID",
"id": "42241"
},
{
"db": "BID",
"id": "42151"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "95653"
},
{
"db": "PACKETSTORM",
"id": "92722"
},
{
"db": "PACKETSTORM",
"id": "93637"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "NVD",
"id": "CVE-2010-1797"
}
]
},
"id": "VAR-201008-0306",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44402"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T22:16:44.809000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT4292",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4292"
},
{
"title": "HT4291",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4291"
},
{
"title": "HT4291",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4291?viewlocale=ja_JP"
},
{
"title": "HT4292",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4292?viewlocale=ja_JP"
},
{
"title": "freetype-2.2.1-26.0.1.AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1238"
},
{
"title": "2109",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2109"
},
{
"title": "RHSA-2010:0607",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2010-0607.html"
},
{
"title": "cve_2010_1797_buffer_overflow",
"trust": 0.8,
"url": "http://blogs.sun.com/security/entry/cve_2010_1797_buffer_overflow"
},
{
"title": "CHANGES BETWEEN 2.4.0 and 2.4.1",
"trust": 0.8,
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.1/NEWS/view"
},
{
"title": "CHANGES BETWEEN 2.4.1 and 2.4.2",
"trust": 0.8,
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://freetype.sourceforge.net/index2.html"
},
{
"title": "Stable Releases",
"trust": 0.8,
"url": "http://freetype.sourceforge.net/download.html#stable"
},
{
"title": "TLSA-2010-34",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2010/TLSA-2010-34j.txt"
},
{
"title": "CVE-2010-1797",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40151"
},
{
"title": "Red Hat: Important: freetype security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20100607 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: freetype vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-972-1"
},
{
"title": "Debian Security Advisories: DSA-2105-1 freetype -- several vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7fe350e40a93e278310abb1441ee2ffb"
},
{
"title": "ipod_sun\nWARNING!\nAttribution\nThanks",
"trust": 0.1,
"url": "https://github.com/CUB3D/ipod_sun "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2010/11/10/mac_osx_security_vuln/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1797"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "NVD",
"id": "CVE-2010-1797"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.4,
"url": "http://secunia.com/advisories/40816"
},
{
"trust": 2.6,
"url": "http://support.apple.com/kb/ht4291"
},
{
"trust": 2.6,
"url": "http://support.apple.com/kb/ht4292"
},
{
"trust": 2.6,
"url": "http://www.f-secure.com/weblog/archives/00002002.html"
},
{
"trust": 2.6,
"url": "http://osvdb.org/66828"
},
{
"trust": 2.6,
"url": "http://secunia.com/advisories/40807"
},
{
"trust": 2.6,
"url": "http://www.vupen.com/english/advisories/2010/2018"
},
{
"trust": 2.2,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621144"
},
{
"trust": 2.1,
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/news/view"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//aug/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2010//aug/msg00001.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/42151"
},
{
"trust": 1.8,
"url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
},
{
"trust": 1.8,
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50"
},
{
"trust": 1.8,
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc"
},
{
"trust": 1.8,
"url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/40982"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/48951"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-972-1"
},
{
"trust": 1.8,
"url": "http://www.vupen.com/english/advisories/2010/2106"
},
{
"trust": 1.8,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60856"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/42241"
},
{
"trust": 1.1,
"url": "http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone"
},
{
"trust": 0.9,
"url": "http://www.kb.cert.org/vuls/id/275247"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1797"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2010/aug/1024283.html"
},
{
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2010-0607.html"
},
{
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00005.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu275247"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1797"
},
{
"trust": 0.6,
"url": "http://www.apple.com/iphone/softwareupdate/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/iphone/"
},
{
"trust": 0.6,
"url": "http://www.apple.com/ipodtouch/"
},
{
"trust": 0.6,
"url": "http://twitter.com/comex/status/20918593762"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1797"
},
{
"trust": 0.3,
"url": "http://www.foxitsoftware.com/pdf/reader/bugfix.php"
},
{
"trust": 0.3,
"url": "http://www.freetype.org/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ipad/"
},
{
"trust": 0.3,
"url": "http://www.foxitsoftware.com/announcements/2010861227.html"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2010_1797_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100113739"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/css/p8/documents/100156056"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2805"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3053"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2806"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2541"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2808"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2807"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/cub3d/ipod_sun"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/14727/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2807"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2520"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0226"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2498"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2541"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3439"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0226"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3256"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3311"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3054"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2520"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3439"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2500"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2519"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2527"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2806"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201201-09.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3054"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1797"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2497"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2500"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3256"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3053"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2499"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2805"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3814"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2808"
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com]."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc]."
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com/index.php?module=wiki\u0026action=view\u0026type=researcher\u0026name=anibal_sacco]"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com]."
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com/index.php?module=wiki\u0026action=view\u0026type=researcher\u0026name=matias_eissler],"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/content/apple-osx-atsserver-charstrings-sign-mismatch]"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/]"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://en.wikipedia.org/wiki/postscript_fonts#compact_font_format]"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://store.mandriva.com/product_info.php?cpath=149\u0026products_id=490"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb"
},
{
"trust": 0.1,
"url": "http://packages.debian.org/\u003cpkg\u003e"
},
{
"trust": 0.1,
"url": "http://security.debian.org/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb"
},
{
"trust": 0.1,
"url": "http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#275247"
},
{
"db": "VULHUB",
"id": "VHN-44402"
},
{
"db": "VULMON",
"id": "CVE-2010-1797"
},
{
"db": "BID",
"id": "42241"
},
{
"db": "BID",
"id": "42151"
},
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "95653"
},
{
"db": "PACKETSTORM",
"id": "92722"
},
{
"db": "PACKETSTORM",
"id": "93637"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892"
},
{
"db": "NVD",
"id": "CVE-2010-1797"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CERT/CC",
"id": "VU#275247",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-44402",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2010-1797",
"ident": null
},
{
"db": "BID",
"id": "42241",
"ident": null
},
{
"db": "BID",
"id": "42151",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "109005",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "95653",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "92722",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "93637",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001892",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2010-1797",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2010-08-05T00:00:00",
"db": "CERT/CC",
"id": "VU#275247",
"ident": null
},
{
"date": "2010-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-44402",
"ident": null
},
{
"date": "2010-08-16T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1797",
"ident": null
},
{
"date": "2010-08-05T00:00:00",
"db": "BID",
"id": "42241",
"ident": null
},
{
"date": "2010-08-02T00:00:00",
"db": "BID",
"id": "42151",
"ident": null
},
{
"date": "2012-01-24T04:19:22",
"db": "PACKETSTORM",
"id": "109005",
"ident": null
},
{
"date": "2010-11-09T01:58:48",
"db": "PACKETSTORM",
"id": "95653",
"ident": null
},
{
"date": "2010-08-13T01:49:40",
"db": "PACKETSTORM",
"id": "92722",
"ident": null
},
{
"date": "2010-09-09T02:40:54",
"db": "PACKETSTORM",
"id": "93637",
"ident": null
},
{
"date": "2010-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-143",
"ident": null
},
{
"date": "2010-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001892",
"ident": null
},
{
"date": "2010-08-16T18:39:40.403000",
"db": "NVD",
"id": "CVE-2010-1797",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2010-09-14T00:00:00",
"db": "CERT/CC",
"id": "VU#275247",
"ident": null
},
{
"date": "2019-09-26T00:00:00",
"db": "VULHUB",
"id": "VHN-44402",
"ident": null
},
{
"date": "2021-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1797",
"ident": null
},
{
"date": "2015-04-13T21:43:00",
"db": "BID",
"id": "42241",
"ident": null
},
{
"date": "2015-04-13T22:11:00",
"db": "BID",
"id": "42151",
"ident": null
},
{
"date": "2019-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201008-143",
"ident": null
},
{
"date": "2010-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001892",
"ident": null
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-1797",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "109005"
},
{
"db": "PACKETSTORM",
"id": "95653"
},
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
}
],
"trust": 0.8
},
"title": {
"_id": null,
"data": "FreeType 2 CFF font stack corruption vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#275247"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201008-143"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.