CVE-2010-2500
freetype: integer overflow vulnerability in smooth/ftgrays.c
Public Exploits: 0
Exploited in Wild: -
Descriptions
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Multiple integer underflows/overflows and heap buffer overflows were discovered and fixed. A heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled by default in Mandriva due to previous patent claims, but packages by PLF are affected. The updated packages have been patched to correct these issues.
SSVC
- Decision: -
Timeline
- 2010-06-28 CVE Reserved
- 2010-07-15 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
References (16)
URL | Tag | Source |
---|---|---|
http://lists.nongnu.org/archive/html/freetype/2010-07/msg00001.html | Mailing List | |
http://marc.info/?l=oss-security&m=127905701201340&w=2 | Mailing List | |
http://marc.info/?l=oss-security&m=127909326909362&w=2 | Mailing List | |
http://secunia.com/advisories/48951 | Third Party Advisory | |
http://securitytracker.com/id?1024266 | Third Party Advisory | |
http://support.apple.com/kb/HT4435 | Broken Link | |
https://savannah.nongnu.org/bugs/?30263 | Issue Tracking | |

URL | Date | SRC |
---|---|---|
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6305b869d86ff415a33576df6d43729673c66eee | 2023-02-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=613167 | 2010-07-30 | |

URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | 2023-02-13 | |
http://www.debian.org/security/2010/dsa-2070 | 2023-02-13 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:137 | 2023-02-13 | |
http://www.redhat.com/support/errata/RHSA-2010-0577.html | 2023-02-13 | |
http://www.redhat.com/support/errata/RHSA-2010-0578.html | 2023-02-13 | |
http://www.ubuntu.com/usn/USN-963-1 | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2010-2500 | 2010-07-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Freetype | Freetype | < 2.4.0 | - | Affected |
Canonical | Ubuntu Linux | 6.06 | - | Affected |
Canonical | Ubuntu Linux | 8.04 | - | Affected |
Canonical | Ubuntu Linux | 9.04 | - | Affected |
Canonical | Ubuntu Linux | 9.10 | - | Affected |
Canonical | Ubuntu Linux | 10.04 | - | Affected |
Apple | Mac Os X | < 10.6.5 | - | Affected |
Debian | Debian Linux | 5.0 | - | Affected |