Search for vulnerabilities
Vulnerability details: VCID-96ed-x7gx-aaap
Vulnerability ID VCID-96ed-x7gx-aaap
Aliases CVE-2011-3439
Summary FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2011:1455
rhas Important https://access.redhat.com/errata/RHSA-2012:0094
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01026 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.01047 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.03373 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.06539 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
epss 0.09425 https://api.first.org/data/v1/epss?cve=CVE-2011-3439
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=753799
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2011-3439
Reference id Reference type URL
http://lists.apple.com/archives/Security-announce/2011/Nov/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00012.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3439.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3439
http://secunia.com/advisories/46921
http://secunia.com/advisories/48951
http://support.apple.com/kb/HT5052
649122 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649122
753799 https://bugzilla.redhat.com/show_bug.cgi?id=753799
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp1:*:*:*:*:*:*
CVE-2011-3439 https://nvd.nist.gov/vuln/detail/CVE-2011-3439
GLSA-201201-09 https://security.gentoo.org/glsa/201201-09
RHSA-2011:1455 https://access.redhat.com/errata/RHSA-2011:1455
RHSA-2012:0094 https://access.redhat.com/errata/RHSA-2012:0094
USN-1267-1 https://usn.ubuntu.com/1267-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3439
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83636
EPSS Score 0.01026
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.