CVE-2011-3439
freetype - missing input sanitising
EPSS 4.3%
Description
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
How to fix CVE-2011-3439
To remediate CVE-2011-3439, upgrade the affected package to a fixed version below.
- Debian/freetype—upgrade to 2.4.8-1 or later
- Debian/freetype—upgrade to 2.3.7-2+lenny8 or later
Is CVE-2011-3439 being exploited?
Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 2.4.8-1
- from 0, < 2.3.7-2+lenny8