CVE-2011-0226
published 2011-07-19


Priority: P268, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 6.65% (93.0th percentile)
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

Affected

70 ranges· showing 25
VendorProductVersion rangeFixed in
appleiphone_os<= 4.2.8
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os
appleiphone_os

Detection & IOCs (extracted from sources)

path: psaux/t1decode.c
  • CVE-2011-0226 is an integer signedness error in FreeType's Type 1 font decoder (psaux/t1decode.c). Trigger vector is a crafted Type 1 font embedded in a PDF document delivered remotely; flag suspicious PDF files containing embedded Type 1 fonts for inspection.
  • This vulnerability was actively exploited in the wild in July 2011; prioritize detection and patching on systems running FreeType versions prior to 2.4.6, particularly those processing untrusted PDF documents.
  • The vulnerability affects FreeType's PostScript Type 1 font parsing; monitor for application crashes or memory corruption in processes that invoke FreeType when rendering PDF documents containing Type 1 fonts.
  • Red Hat Enterprise Linux 4 and 5 are listed as Not Affected for CVE-2011-0226; do not apply FreeType-specific mitigations for this CVE on those platforms.
  • CVE-2011-0226 is a distinct vulnerability from CVE-2011-3256; ensure detection and patching efforts target the correct CVE: CVE-2011-0226 is fixed in FreeType 2.4.6, while CVE-2011-3256 requires 2.4.7.

CVSS provenance

nvd            v2.0  9.3  CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa                 5.9  MEDIUM
osv                  9.3  CRITICAL
vulncheck            9.3  CRITICAL
vendor_debian        9.3  CRITICAL
vendor_redhat        9.3  CRITICAL