CVE-2011-3256

EPSS 3.0%

freetype - missing input sanitising

Published: 10/14/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-3256

Description

FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.

Affected packages (2)

Debian/freetypefrom 0, < 2.4.7-1
Debian/freetypefrom 0, < 2.3.7-2+lenny7

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-3256