製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apple iOS などの製品で使用される FreeType における任意のコードを実行される脆弱性

Title	Apple iOS などの製品で使用される FreeType における任意のコードを実行される脆弱性
Summary	Apple iOS の CoreGraphics などの製品で使用される FreeType の psaux/t1decode.c には、任意のコードを実行される、またはサービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態となる脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された PDF 文書内の Type 1 フォントを介して、任意のコードを実行される、またはサービス運用妨害 (メモリ破損およびアプリケーションクラッシュ) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	July 8, 2011, midnight
Registration Date	July 27, 2011, 10:30 a.m.
Last Update	May 18, 2012, 4:42 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

レッドハット

Red Hat Enterprise Linux Desktop 6

Red Hat Enterprise Linux HPC Node 6

Red Hat Enterprise Linux Server 6

Red Hat Enterprise Linux Server EUS 6.1.z

Red Hat Enterprise Linux Workstation 6

アップル

iOS 3.0 から 4.3.3（iPhone 3GS および iPhone 4 (GSM モデル))

iOS 3.1 から 4.3.3 (iPod touch (3rd generation) 以降)

iOS 3.2 から 4.3.3 (iPad 用)

iOS 4.2.5 から 4.2.8 (iPhone 4 (CDMA モデル))

iPad

iPhone

iPod touch

FreeType Project

FreeType 2.4.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0226	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0226
National Vulnerability Database (NVD)
2	CVE-2011-0226	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0226
SECURITY BLOG
3	CVE-2011-0226 Denial of Service (DoS) vulnerability in FreeType	https://blogs.oracle.com/sunsecurity/entry/cve_2011_0226_denial_of

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4802	http://support.apple.com/kb/HT4802
2	HT4803	http://support.apple.com/kb/HT4803
Apple セキュリティアップデート
3	HT4802	http://support.apple.com/kb/HT4802?viewlocale=ja_JP
4	HT4803	http://support.apple.com/kb/HT4803?viewlocale=ja_JP
Red Hat Security Advisory
5	RHSA-2011:1085	https://rhn.redhat.com/errata/RHSA-2011-1085.html
The FreeType Project
6	msg00014	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
7	msg00015	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html

その他

No	Name	URL
JVN
1	JVNVU#619694	http://jvn.jp/cert/JVNVU619694
Secunia Advisory
2	SA45167	http://secunia.com/advisories/45167
SecurityFocus
3	48619	http://www.securityfocus.com/bid/48619
SecurityTracker
4	1025757	http://www.securitytracker.com/id/1025757

Change Log

No	Changed Details	Date of change
0	[2011年07月27日] 掲載 [2012年05月18日] ベンダ情報：オラクル (CVE-2011-0226 Denial of Service (DoS) vulnerability in FreeType) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-0226

Summary	Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
Publication Date	July 20, 2011, 7:55 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:23 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype::::::::		2.4.5
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:freetype:freetype:2.4.3:::::::*
cpe:2.3:a:freetype:freetype:2.4.4:::::::*
cpe:2.3:o:apple:iphone_os::::::::		4.2.8
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html	Vendor Advisory
2	http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html	Vendor Advisory
3	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
4	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
5	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
6	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
7	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
8	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
9	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
10	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
11	http://secunia.com/advisories/45167	Vendor Advisory
12	http://secunia.com/advisories/45224	Vendor Advisory
13	http://support.apple.com/kb/HT4802	Vendor Advisory
14	http://support.apple.com/kb/HT4803	Vendor Advisory
15	http://support.apple.com/kb/HT5002
16	http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
17	http://www.debian.org/security/2011/dsa-2294
18	http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
19	http://www.redhat.com/support/errata/RHSA-2011-1085.html
20	http://www.securityfocus.com/bid/48619
21	http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html	Vendor Advisory
22	http://www.securityfocus.com/bid/48619
23	http://www.redhat.com/support/errata/RHSA-2011-1085.html
24	http://www.mandriva.com/security/advisories?name=MDVSA-2011:120
25	http://www.debian.org/security/2011/dsa-2294
26	http://www.appleinsider.com/articles/11/07/06/hackers_release_new_browser_based_ios_jailbreak_based_on_pdf_exploit.html
27	http://support.apple.com/kb/HT5002
28	http://support.apple.com/kb/HT4803	Vendor Advisory
29	http://support.apple.com/kb/HT4802	Vendor Advisory
30	http://secunia.com/advisories/45224	Vendor Advisory
31	http://secunia.com/advisories/45167	Vendor Advisory
32	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00016.html
33	http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00015.html
34	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00028.html
35	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00026.html
36	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html
37	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html
38	http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html
39	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
40	http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:freetype:freetype::::::::		2.4.5
cpe:2.3:a:freetype:freetype:2.2.1:::::::*
cpe:2.3:a:freetype:freetype:2.2.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.0:::::::*
cpe:2.3:a:freetype:freetype:2.3.1:::::::*
cpe:2.3:a:freetype:freetype:2.3.2:::::::*
cpe:2.3:a:freetype:freetype:2.3.3:::::::*
cpe:2.3:a:freetype:freetype:2.3.4:::::::*
cpe:2.3:a:freetype:freetype:2.3.5:::::::*
cpe:2.3:a:freetype:freetype:2.3.6:::::::*
cpe:2.3:a:freetype:freetype:2.3.7:::::::*
cpe:2.3:a:freetype:freetype:2.3.8:::::::*
cpe:2.3:a:freetype:freetype:2.3.9:::::::*
cpe:2.3:a:freetype:freetype:2.3.10:::::::*
cpe:2.3:a:freetype:freetype:2.3.11:::::::*
cpe:2.3:a:freetype:freetype:2.3.12:::::::*
cpe:2.3:a:freetype:freetype:2.4.0:::::::*
cpe:2.3:a:freetype:freetype:2.4.1:::::::*
cpe:2.3:a:freetype:freetype:2.4.2:::::::*
cpe:2.3:a:freetype:freetype:2.4.3:::::::*
cpe:2.3:a:freetype:freetype:2.4.4:::::::*
cpe:2.3:o:apple:iphone_os::::::::		4.2.8
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*