Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: July 19, 2011
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Related Resources (5)
Weakness Type (CWE)
Upgrade to version 2.4.6,4.2.9,4.3.4
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||HIGH|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||NONE|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|