CVE-2010-2808

FreeType: Stack-based buffer overflow by processing certain LWFN fonts

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Desbordamiento de búfer en la función Mac_Read_POST_Resource en base/ftobjs.c de FreeType anterior a v2.4.2 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y fallo de la aplicación) o posiblemente ejecutar código a su elección a través de fuentes Adobe Type 1 Mac Font File (también conocido como LWFN) manipuladas.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-07-22 CVE Reserved
2010-08-17 CVE Published
2024-08-07 CVE Updated
2024-11-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-121: Stack-based Buffer Overflow

CAPEC

References (26)

URL	Tag	Source
http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2	Release Notes
http://secunia.com/advisories/40816	Third Party Advisory
http://secunia.com/advisories/40982	Third Party Advisory
http://secunia.com/advisories/42314	Third Party Advisory
http://secunia.com/advisories/42317	Third Party Advisory
http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view	Product
http://support.apple.com/kb/HT4435	Broken Link
http://support.apple.com/kb/HT4456	Third Party Advisory
http://support.apple.com/kb/HT4457	Third Party Advisory
http://www.securityfocus.com/bid/42285	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2018	Third Party Advisory
http://www.vupen.com/english/advisories/2010/2106	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3045	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046	Third Party Advisory
https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019	Issue Tracking

URL	Date	SRC

URL	Date	SRC
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975	2023-02-13
http://marc.info/?l=oss-security&m=128110167119337&w=2	2023-02-13
http://marc.info/?l=oss-security&m=128111955616772&w=2	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=621907	2010-11-10
https://savannah.nongnu.org/bugs/?30658	2023-02-13

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	2023-02-13
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2010-0864.html	2023-02-13
http://www.ubuntu.com/usn/USN-972-1	2023-02-13
https://rhn.redhat.com/errata/RHSA-2010-0737.html	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-2808	2010-11-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freetype Search vendor "Freetype"		Freetype Search vendor "Freetype" for product "Freetype"				< 2.4.2 Search vendor "Freetype" for product "Freetype" and version " < 2.4.2"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 4.2 Search vendor "Apple" for product "Iphone Os" and version " < 4.2"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.6.5 Search vendor "Apple" for product "Mac Os X" and version " < 10.6.5"		-		Affected
Apple Search vendor "Apple"		Tvos Search vendor "Apple" for product "Tvos"				< 4.1.0 Search vendor "Apple" for product "Tvos" and version " < 4.1.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected