CVE-2011-3439 — Out-of-bounds Write in Apple Iphone OS

CWE-787 — Out-of-bounds Write10 documents9 sources

Severity

9.3CRITICALNVD

EPSS

6.5%

top 8.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freetype Apple Iphone OS Suse Linux Enterprise Desktop +2 more

Timeline

PublishedNov 11

Latest updateMay 13

Description

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages5 packages

▶NVDapple/iphone_os< 5.0.1

▶Debianfreetype/freetype< 2.4.8-1+3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_software_development_kit11

🔴Vulnerability Details

GHSA

GHSA-g6wc-2mxr-5w42: FreeType in CoreGraphics in Apple iOS before 5↗2022-05-13

▶

CVEList

CVE-2011-3439: FreeType in CoreGraphics in Apple iOS before 5↗2011-11-11

▶

OSV

CVE-2011-3439: FreeType in CoreGraphics in Apple iOS before 5↗2011-11-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Server Service - NetpwPathCanonicalize Overflow (MS06-040) (Metasploit)↗2011-02-17

▶

📋Vendor Advisories

Ubuntu

FreeType vulnerabilities↗2011-11-18

▶

Red Hat

freetype: Multiple security flaws when loading CID-keyed Type 1 fonts↗2011-11-10

▶

Debian

CVE-2011-3439: freetype - FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to ex...↗2011

▶

💬Community

Bugzilla

CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts [fedora-all]↗2011-11-14

▶

Bugzilla

CVE-2011-3439 freetype: Multiple security flaws when loading CID-keyed Type 1 fonts↗2011-11-14

▶