CVE-2011-3439 — HIGH (9.3) — White Hats Nepal

Q: What is CVE-2011-3439?

CVE-2011-3439 is a vulnerability with a CVSS score of 9.3 (HIGH). FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

Q: How severe is CVE-2011-3439?

CVE-2011-3439 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-3439?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.

Vulnerability Description

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	< 5.0.1
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11

Related Weaknesses (CWE)

CWE-787

References

http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.htmlBroken Link
http://secunia.com/advisories/46921Third Party Advisory
http://secunia.com/advisories/48951Third Party Advisory
http://support.apple.com/kb/HT5052Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.htmlBroken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.htmlBroken Link
http://secunia.com/advisories/46921Third Party Advisory
http://secunia.com/advisories/48951Third Party Advisory
http://support.apple.com/kb/HT5052Vendor Advisory

FAQ

What is CVE-2011-3439?

CVE-2011-3439 is a vulnerability with a CVSS score of 9.3 (HIGH). FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

How severe is CVE-2011-3439?

CVE-2011-3439 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3439?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit.